Resubmissions

01-11-2024 18:06

241101-wp5wdsvnel 4

01-11-2024 16:27

241101-tx4bes1lcx 4

01-11-2024 16:24

241101-twjkma1lb1 7

General

  • Target

    sshx-x86_64-unknown-linux-musl.tar.gz

  • Size

    2.9MB

  • Sample

    241101-twjkma1lb1

  • MD5

    6b33ffa4fe9b7d9698afc84afaa42f99

  • SHA1

    feca059c524c7040747bc89a93536430cb118231

  • SHA256

    7e3ff687063d2a52607b68f60f46ff7cd918ca21af2df36da7d2f91e9324b970

  • SHA512

    1d91fff0f35bd51a85c405868ce8f355c3e8ac3e0e031cfa21057e5cf3b53ceb69b36780cf45ca908b600572ec60c264dba9596ab8e8c843531b9c1716290592

  • SSDEEP

    49152:FqD/u8i9JHbmnOGs41SzLT77DTT5+R05mpuxxF7eZwoFoblSmCiX6Nzg+Lz0zqYv:IuPr7mOsSLTXXTwRKs6xFCZFFob/CiXn

Malware Config

Targets

    • Target

      sshx

    • Size

      7.3MB

    • MD5

      4655941d7ea27788f29e7101794a24bb

    • SHA1

      e8605a27857832503bacfbe106eaf2a02361b5e3

    • SHA256

      9d7ad8da8ce2bcdbbe2164e37d5759c9efc22e68ddc11f4502c43b14b349bdec

    • SHA512

      0a8011b87021dd9b5d0350b38ba7d8e837833405b95a8762b7b8833800327470a2c1b0b5e1b5101a8448ba3531123e04502759be43fb96860616623973f7e43e

    • SSDEEP

      98304:GpitswbS0eSojJ5+NfoIVoKCT5K+dmcF:GUsKS0eeBHc

    • Executes dropped EXE

    • OS Credential Dumping

      Adversaries may attempt to dump credentials to use them in password cracking.

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

    • Checks hardware identifiers (DMI)

      Checks DMI information, which can indicate whether the system is a virtual machine.

    • Checks mountinfo of local process

      Checks the mountinfo of running processes, which can indicate whether the process is running in a chroot jail.

    • Deletes log files

      Deletes log files on the system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads hardware information

      Accesses system information such as serial numbers and manufacturer names.

    • Write file to user bin folder

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

MITRE ATT&CK Enterprise v15

Tasks