f34e59d9711b93c8c0192f717063b7db0d20cb342490a0c9fc9d9d63d245d067 | Triage

Sharing

General

Target

f34e59d9711b93c8c0192f717063b7db0d20cb342490a0c9fc9d9d63d245d067.elf
Size

134KB
Sample

241121-kr464azeqf
MD5

2fcff406e1f57e00d98b987d23cd398f
SHA1

7675a391d83a38868d5f9194a9c7248291e1705a
SHA256

f34e59d9711b93c8c0192f717063b7db0d20cb342490a0c9fc9d9d63d245d067
SHA512

6003c40f6af2626ab5fcf6fc381e4e27abb624111d8e297d24b2110d78134ade98cc702e0fe3c556b65900b9a03efbde16e53395280bdbf395b9d936c19227de
SSDEEP

1536:tLXuqtWr4N9zWJPEceN7U9empeIwOdzZXz8EmbycedlGcYx3dZ3aHXzy+LwCvnqX:puqtWr4DItmecedlotFU3vnqln

Score

7^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  f34e59d9711b93c8c0192f717063b7db0d20cb342490a0c9fc9d9d63d245d067.elf
- Size
  
  134KB
- MD5
  
  2fcff406e1f57e00d98b987d23cd398f
- SHA1
  
  7675a391d83a38868d5f9194a9c7248291e1705a
- SHA256
  
  f34e59d9711b93c8c0192f717063b7db0d20cb342490a0c9fc9d9d63d245d067
- SHA512
  
  6003c40f6af2626ab5fcf6fc381e4e27abb624111d8e297d24b2110d78134ade98cc702e0fe3c556b65900b9a03efbde16e53395280bdbf395b9d936c19227de
- SSDEEP
  
  1536:tLXuqtWr4N9zWJPEceN7U9empeIwOdzZXz8EmbycedlGcYx3dZ3aHXzy+LwCvnqX:puqtWr4DItmecedlotFU3vnqln
Score

7^/10

defense_evasion discovery persistence privilege_escalation
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Creates/modifies environment variables
  Creating/modifying environment variables is a common persistence mechanism.
  persistence privilege_escalation defense_evasion
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Modifies Bash startup script
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Boot or Logon Initialization Scripts

RC Scripts

Create or Modify System Process

Systemd Service

Event Triggered Execution

Unix Shell Configuration Modification

Hijack Execution Flow

Path Interception by PATH Environment Variable

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Boot or Logon Initialization Scripts

RC Scripts

Create or Modify System Process

Systemd Service

Event Triggered Execution

Unix Shell Configuration Modification

Hijack Execution Flow

Path Interception by PATH Environment Variable

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Hijack Execution Flow

Path Interception by PATH Environment Variable

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation