5fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18 | Triage

Sharing

General

Target

5fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18.elf
Size

177KB
Sample

241104-cxwg5s1drh
MD5

786d75a158fe731feca3880f436082c0
SHA1

79ea2734e43d00cdeabed5586b2c1994d02aef3e
SHA256

5fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18
SHA512

7984ebc874563267570f828ee158e4860971e184900e3590ac3b4829285443e065dd1ad4df190ceabf575880a4cd8ead4dd1132e9c1650239accf3f6440a3f7f
SSDEEP

3072:PJtid2ng8w4YMrgUqqdaODUvI7UhTIyU2be6CXuVyZM/9h9XKvtZmmmLdwC7tuRD:BtiGGqaODUvI4hc2bvCXuVoM/9PXwPmK

Score

9^/10

discovery execution persistence privilege_escalatio

Malware Config

Targets

- Target
  
  5fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18.elf
- Size
  
  177KB
- MD5
  
  786d75a158fe731feca3880f436082c0
- SHA1
  
  79ea2734e43d00cdeabed5586b2c1994d02aef3e
- SHA256
  
  5fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18
- SHA512
  
  7984ebc874563267570f828ee158e4860971e184900e3590ac3b4829285443e065dd1ad4df190ceabf575880a4cd8ead4dd1132e9c1650239accf3f6440a3f7f
- SSDEEP
  
  3072:PJtid2ng8w4YMrgUqqdaODUvI7UhTIyU2be6CXuVyZM/9h9XKvtZmmmLdwC7tuRD:BtiGGqaODUvI4hc2bvCXuVoM/9PXwPmK
Score

9^/10

discovery execution persistence privilege_escalatio
- Contacts a large (2091) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Renames itself
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionpersistenceprivilege_escalatio