General
- Target: e
- Size: 72KB
- Sample: 241030-t5fv4axejg
- MD5: b6352bba762081cdb61e89c0f1893018
- SHA1: 38062faccdc2d923880f814ff6263baaea01162d
- SHA256: 53bf41beef030d39bf962e0a267544cc6fc7f67954e14d6bdf3de7738f3e6e9f
- SHA512: 41bebbc448e91f022155de3202bb81290d01f6828295ee9f65ccf63e636e1b2994a63a5d11d5d9e4aee10d3fbb65bedb2d55456b6a72f4583faa49863cbddf88
- SSDEEP: 1536:TqAK7criISePq2LfYBKKv7T2y7v7F/Uv4T/NfxGa+Vgabae+eQPpmr:cePq2LfYBKKv7Tb/9wgabxvw
Static task: static1
Behavioral task: behavioral1
- Sample: e
- Resource: ubuntu2404-amd64-20240523-en
Malware Config
Targets
- Target: e
- Size: 72KB
- MD5: b6352bba762081cdb61e89c0f1893018
- SHA1: 38062faccdc2d923880f814ff6263baaea01162d
- SHA256: 53bf41beef030d39bf962e0a267544cc6fc7f67954e14d6bdf3de7738f3e6e9f
- SHA512: 41bebbc448e91f022155de3202bb81290d01f6828295ee9f65ccf63e636e1b2994a63a5d11d5d9e4aee10d3fbb65bedb2d55456b6a72f4583faa49863cbddf88
- SSDEEP: 1536:TqAK7criISePq2LfYBKKv7T2y7v7F/Uv4T/NfxGa+Vgabae+eQPpmr:cePq2LfYBKKv7Tb/9wgabxvw
- Renames multiple (70) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Modifies PAM framework files
  Modifies Linux PAM framework files, possibly to intercept credentials.
- Modifies sudoers policy
  Adds/modifies rule files for the sudoers policy, likely to grant additional privileges.
- Modifies user home skeleton directory
  Modifies the skeleton of the initial home directory for newly added system users.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Creates/modifies environment variables
  Creating/modifying environment variables is a common persistence mechanism.
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names, etc.
- Reads network interface configuration
  Fetches information about one or more active network interfaces.
- Modifies Bash startup script
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
- Boot or Logon Initialization Scripts (2)
  - RC Scripts (2)
- Event Triggered Execution (1)
  - Unix Shell Configuration Modification (1)
- Hijack Execution Flow (1)
  - Path Interception by PATH Environment Variable (1)
- Modify Authentication Process (1)
  - Pluggable Authentication Modules (1)
- Scheduled Task/Job (1)
  - Cron (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
- Boot or Logon Initialization Scripts (2)
  - RC Scripts (2)
- Event Triggered Execution (1)
  - Unix Shell Configuration Modification (1)
- Hijack Execution Flow (1)
  - Path Interception by PATH Environment Variable (1)
- Scheduled Task/Job (1)
  - Cron (1)
Defense Evasion
- Hijack Execution Flow (1)
  - Path Interception by PATH Environment Variable (1)
- Indicator Removal (2)
  - Clear Linux or Mac System Logs (2)
- Modify Authentication Process (1)
  - Pluggable Authentication Modules (1)