General
Target: 3f0ec748d8a083529098aa9181deba63508bb1d5863ff01bb528ebf4f53642e5.elf
Size: 3.3MB
Sample: 241110-crhzvszpfm
MD5: 7211f88063c75dd428309e9ff15a4936
SHA1: 4a5355f479d89a00c2a5c06bdc81e544007393ae
SHA256: 3f0ec748d8a083529098aa9181deba63508bb1d5863ff01bb528ebf4f53642e5
SHA512: fdf72207ef7aa2c96ef5644194b4d1c13a4fd2aa4d8ce648da40f77504f400f65e89920bb3b6febd013270c8924d8be962f77d72b9e3e648ba7eb9be2757c35e
SSDEEP: 49152:R67EwTFGfSierb/TSvO90d7HjmAFd4A64nsfJwp0tn6EHy4G/g9KkSM48Wy5D1an:dAt43VJGOTFiT38Oy
Static task: static1
Behavioral task: behavioral1
Sample: 3f0ec748d8a083529098aa9181deba63508bb1d5863ff01bb528ebf4f53642e5.elf
Resource: ubuntu2204-amd64-20240522.1-en
Malware Config
Targets
Target: 3f0ec748d8a083529098aa9181deba63508bb1d5863ff01bb528ebf4f53642e5.elf (size and hashes as listed under General)
- File and Directory Permissions Modification: Adversaries may modify file or directory permissions to evade defenses.
- Executes dropped EXE
- OS Credential Dumping: Adversaries may attempt to dump credentials to use them in password cracking.
- Checks hardware identifiers (DMI): Checks DMI information that indicates whether the system is a virtual machine.
- Checks mountinfo of local process: Checks the mountinfo of running processes, which indicates whether the process is running in a chroot jail.
- Enumerates running processes: Discovers information about the processes currently running on the system.
- Write file to user bin folder
- Reads process memory: Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
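The two sandbox-evasion checks flagged above (DMI vendor strings for virtual-machine detection, and /proc/<pid>/mountinfo for chroot detection) reproduced as an analyst's triage helper. This is an added example, not code from the sample or from the sandbox; the sample's own logic is not recoverable from this report. The DMI values, the mountinfo lines and the /srv/jail path are constructed test data, and the hypervisor marker list is illustrative, not the sample's.

```python
"""Reproduce the environment checks reported for this sample: DMI strings
(virtual-machine check) and /proc/<pid>/mountinfo (chroot check).
All inputs below are constructed so the script runs offline; on a live host
point the same functions at /sys/class/dmi/id/* and /proc/*/mountinfo."""

# Vendor/product strings commonly found under /sys/class/dmi/id/ on popular
# hypervisors. Illustrative list (assumption), not the sample's own.
VM_DMI_MARKERS = (
    "QEMU", "KVM", "Bochs", "VMware", "VirtualBox", "innotek",
    "Xen", "Parallels", "Virtual Machine", "Hyper-V",
)

# sysfs DMI attributes a VM check typically reads.
DMI_FIELDS = ("sys_vendor", "product_name", "board_vendor",
              "bios_vendor", "chassis_vendor")


def dmi_vm_indicators(dmi: dict) -> list:
    """Return 'field=value' strings for DMI fields whose value names a hypervisor."""
    hits = []
    for field in DMI_FIELDS:
        value = dmi.get(field, "")
        if any(marker.lower() in value.lower() for marker in VM_DMI_MARKERS):
            hits.append(f"{field}={value}")
    return hits


def read_dmi_from_sysfs(base: str = "/sys/class/dmi/id") -> dict:
    """Live-host variant of the constructed dicts below; unreadable fields are skipped."""
    out = {}
    for field in DMI_FIELDS:
        try:
            with open(f"{base}/{field}") as fh:
                out[field] = fh.read().strip()
        except OSError:
            pass
    return out


def parse_mountinfo(text: str) -> list:
    """Parse /proc/<pid>/mountinfo lines (format per proc(5)). A variable number
    of optional fields sits before the ' - ' separator, so split on it first."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        before, _, after = line.partition(" - ")
        f = before.split()
        g = after.split()
        entries.append({
            "mount_id": int(f[0]),
            "parent_id": int(f[1]),
            "root": f[3],          # directory in the filesystem that forms this mount's root
            "mount_point": f[4],   # path relative to the process's root directory
            "fstype": g[0],
            "source": g[1] if len(g) > 1 else "",
        })
    return entries


def chroot_indicators(self_mountinfo: str, init_mountinfo: str = "") -> list:
    """Signs that the caller's root is not the real root:
    1. the entry mounted at '/' has a root other than '/', i.e. the process's
       '/' is a subdirectory of the mounted filesystem; and
    2. mounts that PID 1 sees but this process does not (mounts outside the
       jail are unreachable and therefore omitted from the chrooted view)."""
    reasons = []
    mine = parse_mountinfo(self_mountinfo)
    for entry in mine:
        if entry["mount_point"] == "/" and entry["root"] != "/":
            reasons.append(f"root of '/' is {entry['root']}")
    if init_mountinfo:
        init_ids = {e["mount_id"] for e in parse_mountinfo(init_mountinfo)}
        hidden = init_ids - {e["mount_id"] for e in mine}
        if hidden:
            reasons.append(f"{len(hidden)} mount(s) visible to PID 1 are hidden")
    return reasons


# Constructed sample data (not captured from the sandbox run).
DMI_KVM_GUEST = {"sys_vendor": "QEMU", "product_name": "Standard PC (Q35 + ICH9, 2009)",
                 "board_vendor": "", "bios_vendor": "SeaBIOS", "chassis_vendor": "QEMU"}
DMI_BARE_METAL = {"sys_vendor": "Dell Inc.", "product_name": "Latitude 7420",
                  "board_vendor": "Dell Inc.", "bios_vendor": "Dell Inc.",
                  "chassis_vendor": "Dell Inc."}

MOUNTINFO_INIT = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
23 22 0:5 / /proc rw,nosuid,nodev,noexec,relatime shared:2 - proc proc rw
24 22 0:6 / /sys rw,nosuid,nodev,noexec,relatime shared:3 - sysfs sysfs rw
"""
# Same host seen from a process chrooted into /srv/jail: the root field of the
# '/' entry is the jail path, and /proc and /sys are unreachable so are omitted.
MOUNTINFO_CHROOTED = """\
22 1 8:1 /srv/jail / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
"""

if __name__ == "__main__":
    print("KVM guest:", dmi_vm_indicators(DMI_KVM_GUEST))
    print("bare metal:", dmi_vm_indicators(DMI_BARE_METAL))
    print("chrooted:", chroot_indicators(MOUNTINFO_CHROOTED, MOUNTINFO_INIT))
    print("init:", chroot_indicators(MOUNTINFO_INIT, MOUNTINFO_INIT))
```

On a live host, pass read_dmi_from_sysfs() and the contents of /proc/self/mountinfo and /proc/1/mountinfo to the same functions. The caveat for reading this report: a sample that aborts when either check fires shows little further behaviour in a virtualised sandbox, so the remaining signatures can under-report; rerunning on bare metal or with the DMI strings masked settles whether that happened here.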
-
MITRE ATT&CK Enterprise v15 (tactic, technique, sub-technique; detection count in parentheses)
Persistence
  Boot or Logon Autostart Execution (1)
  Boot or Logon Initialization Scripts (1)
    RC Scripts (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
  Boot or Logon Initialization Scripts (1)
    RC Scripts (1)
Defense Evasion
  File and Directory Permissions Modification (1)
    Linux and Mac File and Directory Permissions Modification (1)
  Indicator Removal (1)
    Clear Linux or Mac System Logs (1)
  Virtualization/Sandbox Evasion (3)
    System Checks (3)
Credential Access
  OS Credential Dumping (2)
    /etc/passwd and /etc/shadow (1)
    Proc Filesystem (1)