General

  • Target

    arm7(20)

  • Size

    102KB

  • Sample

    241112-176b4awjgm

  • MD5

    45c898246a8ffe0b7cc20fe25669da04

  • SHA1

    5ae935186b80f6beb84926d57337d5c0b9e3e1fc

  • SHA256

    1b0846e58fbb6a0e72d25edb81ec94961c0c7048a4e6f26876660f5a26675c77

  • SHA512

    ca75fb8ae0aa7977132c2888ff226f712f4e66f542ab121bcffdc3b3a912b906870b55d6415dfc60c133574739a71c1e5177418dd275d208f43d6ffc09c14636

  • SSDEEP

    3072:lJ8o+XRPI6aC6/y7sdQQVAs5mSAwhj8zX:lJ8l66aC6/y7sumANSXhAzX

Malware Config

Targets

    • Target

      arm7(20)

    • Size

      102KB

    • MD5

      45c898246a8ffe0b7cc20fe25669da04

    • SHA1

      5ae935186b80f6beb84926d57337d5c0b9e3e1fc

    • SHA256

      1b0846e58fbb6a0e72d25edb81ec94961c0c7048a4e6f26876660f5a26675c77

    • SHA512

      ca75fb8ae0aa7977132c2888ff226f712f4e66f542ab121bcffdc3b3a912b906870b55d6415dfc60c133574739a71c1e5177418dd275d208f43d6ffc09c14636

    • SSDEEP

      3072:lJ8o+XRPI6aC6/y7sdQQVAs5mSAwhj8zX:lJ8l66aC6/y7sumANSXhAzX

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

MITRE ATT&CK Enterprise v15

Tasks