General
-
Target
arm7-20241104-0018.elf
-
Size
102KB
-
Sample
241104-al64dsycnc
-
MD5
1f7962f8e2708017e911356bd757a2c3
-
SHA1
5373c75e3b2c1e0a9176753d0d00ef25207796be
-
SHA256
3acae58d3eee41939f3d1b9f96bceec757ab7320a7dcb2e50954a7c71e437681
-
SHA512
771402e35c3b6abef0ce977fe4ac7a48eedec1e9fba1d5717850a80f7d7d517be9b370d11da4707149206c076f281ba9b19819a924cc47e7c6f6c845f04bf4d0
-
SSDEEP
1536:FinUc/4KvNLvHqHY+4/QnsasEPvS7sHTvlmlc9ivcfwWTu2SMTZUYHQY9X:Fwo34/QnsasyvS7sT8Owku2SMTujY9X
Static task
static1
Behavioral task
behavioral1
Sample
arm7-20241104-0018.elf
Resource
debian9-armhf-20240611-en
Malware Config
Targets
-
-
Target
arm7-20241104-0018.elf
-
Size
102KB
-
MD5
1f7962f8e2708017e911356bd757a2c3
-
SHA1
5373c75e3b2c1e0a9176753d0d00ef25207796be
-
SHA256
3acae58d3eee41939f3d1b9f96bceec757ab7320a7dcb2e50954a7c71e437681
-
SHA512
771402e35c3b6abef0ce977fe4ac7a48eedec1e9fba1d5717850a80f7d7d517be9b370d11da4707149206c076f281ba9b19819a924cc47e7c6f6c845f04bf4d0
-
SSDEEP
1536:FinUc/4KvNLvHqHY+4/QnsasEPvS7sHTvlmlc9ivcfwWTu2SMTZUYHQY9X:Fwo34/QnsasyvS7sT8Owku2SMTujY9X
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Unix Shell
1Scheduled Task/Job
1Cron
1Persistence
Boot or Logon Autostart Execution
1XDG Autostart Entries
1Create or Modify System Process
1Systemd Service
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
1XDG Autostart Entries
1Create or Modify System Process
1Systemd Service
1Scheduled Task/Job
1Cron
1