General
-
Target
arm7(20)
-
Size
102KB
-
Sample
241112-176b4awjgm
-
MD5
45c898246a8ffe0b7cc20fe25669da04
-
SHA1
5ae935186b80f6beb84926d57337d5c0b9e3e1fc
-
SHA256
1b0846e58fbb6a0e72d25edb81ec94961c0c7048a4e6f26876660f5a26675c77
-
SHA512
ca75fb8ae0aa7977132c2888ff226f712f4e66f542ab121bcffdc3b3a912b906870b55d6415dfc60c133574739a71c1e5177418dd275d208f43d6ffc09c14636
-
SSDEEP
3072:lJ8o+XRPI6aC6/y7sdQQVAs5mSAwhj8zX:lJ8l66aC6/y7sumANSXhAzX
Static task
static1
Behavioral task
behavioral1
Sample
arm7(20)
Resource
debian9-armhf-20240611-en
Malware Config
Targets
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Modifies systemd
Adds/modifies systemd service files, likely to achieve persistence.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
Unix Shell (1)
Scheduled Task/Job (1)
Cron (1)
Persistence
Boot or Logon Autostart Execution (1)
XDG Autostart Entries (1)
Create or Modify System Process (1)
Systemd Service (1)
Scheduled Task/Job (1)
Cron (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
XDG Autostart Entries (1)
Create or Modify System Process (1)
Systemd Service (1)
Scheduled Task/Job (1)
Cron (1)