General

  • Target

    arm7-20241104-0018.elf

  • Size

    102KB

  • Sample

    241104-al64dsycnc

  • MD5

    1f7962f8e2708017e911356bd757a2c3

  • SHA1

    5373c75e3b2c1e0a9176753d0d00ef25207796be

  • SHA256

    3acae58d3eee41939f3d1b9f96bceec757ab7320a7dcb2e50954a7c71e437681

  • SHA512

    771402e35c3b6abef0ce977fe4ac7a48eedec1e9fba1d5717850a80f7d7d517be9b370d11da4707149206c076f281ba9b19819a924cc47e7c6f6c845f04bf4d0

  • SSDEEP

    1536:FinUc/4KvNLvHqHY+4/QnsasEPvS7sHTvlmlc9ivcfwWTu2SMTZUYHQY9X:Fwo34/QnsasyvS7sT8Owku2SMTujY9X

Malware Config

Targets

    • Target

      arm7-20241104-0018.elf

    • Size

      102KB

    • MD5

      1f7962f8e2708017e911356bd757a2c3

    • SHA1

      5373c75e3b2c1e0a9176753d0d00ef25207796be

    • SHA256

      3acae58d3eee41939f3d1b9f96bceec757ab7320a7dcb2e50954a7c71e437681

    • SHA512

      771402e35c3b6abef0ce977fe4ac7a48eedec1e9fba1d5717850a80f7d7d517be9b370d11da4707149206c076f281ba9b19819a924cc47e7c6f6c845f04bf4d0

    • SSDEEP

      1536:FinUc/4KvNLvHqHY+4/QnsasEPvS7sHTvlmlc9ivcfwWTu2SMTZUYHQY9X:Fwo34/QnsasyvS7sT8Owku2SMTujY9X

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

MITRE ATT&CK Enterprise v15

Tasks