General

Target: fe6f659301f5463d4c741d1426b659f847546da7976e56fcd6fb1a591172755b.elf
Size: 4.0MB
Sample: 241105-w2lnaavqcv
MD5: 303b810ded50518524ca19333b2e981c
SHA1: ca47318dc226619a547ab6a19a956f47dcacf964
SHA256: fe6f659301f5463d4c741d1426b659f847546da7976e56fcd6fb1a591172755b
SHA512: d0533c07f5cacee98eff78384898540e0df7154c3bf486573b3efb38e2fdb416b2a38cb56f9631e5c876b0ac7aa03fdafea44a40f57a9a97d3e5e1e2ecbdd2f9
SSDEEP: 49152:bIuiUTokrb/TEvO90dL3BmAFd4A64nsfJFhzmWMeUXEP7p1dsIQd/Bt7tFuShwgP:bIMMeXfO3uSvKii917E

Static task: static1
Behavioral task: behavioral1
Sample: fe6f659301f5463d4c741d1426b659f847546da7976e56fcd6fb1a591172755b.elf
Resource: ubuntu2204-amd64-20240611-en

Malware Config

Targets

Target: fe6f659301f5463d4c741d1426b659f847546da7976e56fcd6fb1a591172755b.elf

Renames multiple (650) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.

Write file to user bin folder

Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Persistence
Boot or Logon Autostart Execution (1)
Event Triggered Execution (1)
Unix Shell Configuration Modification (1)
Hijack Execution Flow (1)
Path Interception by PATH Environment Variable (1)

Privilege Escalation
Boot or Logon Autostart Execution (1)
Event Triggered Execution (1)
Unix Shell Configuration Modification (1)
Hijack Execution Flow (1)
Path Interception by PATH Environment Variable (1)