Resubmissions

03/11/2024, 14:36

241103-ryy2zsyqgq 7

03/11/2024, 14:33

241103-rwzkqsweqd 7

14/10/2024, 18:19

241014-wx88sashrn 7

14/10/2024, 18:13

241014-wt9p5syfja 7

14/10/2024, 17:18

241014-vvj1fazhkn 1

General

  • Target

    rondo.armv6l

  • Size

    147KB

  • Sample

    241103-rwzkqsweqd

  • MD5

    8e7dd4f2b8dbe08bcb48c6f2549cd889

  • SHA1

    dd4fcccb6d4c57b5ba0219b25d56f33c863bb435

  • SHA256

    953b92b8fd0fe5949dfd02dee4a660068d5ee40accb192508624cd0fa06f036f

  • SHA512

    6f90f2df0e53aa69d53c960fb6543d7085f9756d2a93b8c134f45e877316b0bd684e1a3662c7e03099f3f66c712f626860cf32be00d4ff46e6fa2a3904cd03ed

  • SSDEEP

    3072:C5xbZfUO3Ah67XZteWpjQaRKnGsXQxcsPKRNz+4:CnZf9397XveWOacG/x3wNz+4

Targets

    • Target

      rondo.armv6l

    • Deletes itself

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.
