b938cc27a7964c045d6a614d174ae5b5a48448956a9ca495f02236c9101ce670 | Triage

Sharing

General

Target

CHINA-APT-Trojan (2).zip
Size

9.6MB
Sample

241121-pj88assfrm
MD5

e197aac992348df4fc2c12cbee433f7e
SHA1

cdbbb6617d8937d17a1a9ef12750bee1cddf4562
SHA256

b938cc27a7964c045d6a614d174ae5b5a48448956a9ca495f02236c9101ce670
SHA512

ede1b934f01fd3f1ff979083de73e7165a5c22f7edba1a611a567d5a406f2a86f21bff59fcc8d2c0a4f662efbf17309eb89b2a581c5a13514f1f3b1667c2131d
SSDEEP

196608:fEhlwnz+BdrV2gKcTz362WpEhlwnz+BdrV2wKcTz362Wj:ilwz+BdhScTT5flwz+BdhkcTT5c

Score

6^/10

antivm discovery evasion execution linux persistence

Malware Config

Targets

- Target
  
  CHINA-APT-Trojan/etc/init.d/dlump
- Size
  
  30B
- MD5
  
  c4be6d26325eaf0454e93f5b2400146a
- SHA1
  
  552675a89bd1420dae70b6c27458b754ee55cd01
- SHA256
  
  bdd986bd1e3202772113fb79f8885598ea109cfacab9372a70bfca60aad69d65
- SHA512
  
  ee29d892ed110027450d6a9a54fc1ab2f6bdebff5f592317e2b62c732ccf2786cc3e16d9c6cb7087ae46b6e81929300be51ce1ddd867bb9b507d1b72d04aa07a
Score

1^/10
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  CHINA-APT-Trojan/home/www/.Xl1/ccc
- Size
  
  8KB
- MD5
  
  5789e8b1a31d7117b05143cec4a85378
- SHA1
  
  209c4994a42af7832f526e09238fb55d5aab34e5
- SHA256
  
  c26d239f415bec27125862acafdeac267be398bc9208e27f09217dc8ecf64225
- SHA512
  
  5ab5798811c6b83e2d85cdb1ad2b6bdbf2981f9381159eb2038203254e3ac8775477792400645e250fcba62598c47c31a82a599e439be057b8f400dd3e278820
- SSDEEP
  
  96:GFTxGzOqifdFb+zboSSR+Whu47J2lyIAf7QTa4B2woB9x:GFV0QFKzboS0fCnoF
Score

1^/10
behavioral5
- Target
  
  CHINA-APT-Trojan/home/www/.Xl1/kde
- Size
  
  123KB
- MD5
  
  87e437cf74ce4b1330b8af9ff71edae2
- SHA1
  
  8532eca04c0f58172d80d8a446ae33907d509377
- SHA256
  
  1ec286f2194199206e4ce345f1bf322b6b0b4c947b1cf32db59cca2d89370738
- SHA512
  
  856a3140d54ec86f8cdac4b35f7a2266c800f75cbbcf075650e75fbc6e5f4e104c231aafecd8658a061439395a1131a5e2f075e1051550117fed6c3db8eb1446
- SSDEEP
  
  3072:oKV6YwUaoJwfg+uKsdzUNtklICvOqAXby0:oKwYwUaEwfY+kI3Xu0
Score

6^/10

persistence
- Write file to user bin folder
  persistence
behavioral6
- Target
  
  CHINA-APT-Trojan/home/www/.Xl1/udevd
- Size
  
  3.4MB
- MD5
  
  1418fe9a743226b9661a2b6decb19db0
- SHA1
  
  0ab53321bb9699d354a032259423175c08fec1a4
- SHA256
  
  ccf8e4d6e661ceaea598851923bb8b983bd820ffd02448b8245e6ac780977784
- SHA512
  
  548cedaa7e100ca49800878a164989fabe101c58d3dea316efe13b368b18e00899664167b533c3556d6e82697677529cbd1e73cdd87aacac87c12363322042a4
- SSDEEP
  
  98304:UdgXuBCAPGHGXqiCz6eH+USFUFJYX25Ot:OPmhSWYL
Score

6^/10

discovery persistence
- Write file to user bin folder
  persistence
behavioral7
- Target
  
  CHINA-APT-Trojan/home/www/.profile.sh
- Size
  
  45B
- MD5
  
  c6bc4e21447f4d69306d2aa2a4712c0f
- SHA1
  
  b6ffbe6b788432215d3ce22a4f6c4a1dbe64721b
- SHA256
  
  83a9d271c5d7f7bc8a1582348897674047aeb242c4457274bd241293201303be
- SHA512
  
  199f63623155c91777a4a0c4c09160dddedb26b1b3c47a86e0e6a9240422ffd5dfd6babcc00b15a869e292711bf0dd9350d6b95d04b02ecebcfb1d6f9c518f45
Score

1^/10
behavioral10 behavioral11 behavioral8 behavioral9
- Target
  
  CHINA-APT-Trojan/home/www/tomcat/webapps/WEB-INF/attache_temp/a.jsp
- Size
  
  2KB
- MD5
  
  7e811bb05983460dcacfffa60adaeaaa
- SHA1
  
  fd601a54bc622c041df0242662964a7ed31c6b9c
- SHA256
  
  d2e1ee14a424bf350d263ff68561e18da88c68db54d02a7f277a70d1a68c75aa
- SHA512
  
  9ef0ef2d5a70bd46cf7eb4e66a51ac74c7c3e949a0e75decf74430d4953da5d266f3abbd11a19e3f1e04cb1a854e8d08353179241b2d392301fcd617dc31eb9f
Score

3^/10

execution
behavioral12 behavioral13
- Target
  
  CHINA-APT-Trojan/home/www/tomcat/webapps/img/yy1.jsp
- Size
  
  57KB
- MD5
  
  2f017728ead4b0d45f431e8d8f2622a6
- SHA1
  
  9f7790524bd759373ab57ee2aafa6f5d8bcb918a
- SHA256
  
  ff8b297fb8efc1b7b2cd871a489337831d889ec2d4945e58ee5358d201e865cd
- SHA512
  
  6a662be9b8a9935fd4cf6a1af399cc3fcc7528dd0f796960d05e847292be06298c90c89c6772528aad81aef7888d51e069f17b10072505f1d47a3ea8074e2e87
- SSDEEP
  
  768:OSmt4dfLJPEHgWYWtZSxsyX6c6idXjqHte:OUdD5EHgWYWtZSxs6qHg
Score

3^/10

execution
behavioral14 behavioral15
- Target
  
  CHINA-APT-Trojan/home/www/tomcat/webapps/login.jsp
- Size
  
  1KB
- MD5
  
  320d62d41dbf49e07bb796274932855d
- SHA1
  
  238c8e8eb7a732d85d8a7f7ca40b261d8ae4183d
- SHA256
  
  ca700e0070948fe99e0b7acd0aacb02c969240481c842fae67b534f732cf1593
- SHA512
  
  40e798436dbcc902d3e58313cb5feb84c6c6c13f09d08675f82525a0d056da56e92470149b99e7128ed867572081101e4f549c1181e91c320d23c1d5da826c54
Score

3^/10

execution
behavioral16 behavioral17
- Target
  
  CHINA-APT-Trojan/usr/bin/.Xl1/kde
- Size
  
  123KB
- MD5
  
  87e437cf74ce4b1330b8af9ff71edae2
- SHA1
  
  8532eca04c0f58172d80d8a446ae33907d509377
- SHA256
  
  1ec286f2194199206e4ce345f1bf322b6b0b4c947b1cf32db59cca2d89370738
- SHA512
  
  856a3140d54ec86f8cdac4b35f7a2266c800f75cbbcf075650e75fbc6e5f4e104c231aafecd8658a061439395a1131a5e2f075e1051550117fed6c3db8eb1446
- SSDEEP
  
  3072:oKV6YwUaoJwfg+uKsdzUNtklICvOqAXby0:oKwYwUaEwfY+kI3Xu0
Score

6^/10

persistence
- Write file to user bin folder
  persistence
behavioral18
- Target
  
  CHINA-APT-Trojan/usr/bin/.Xl1/udevd
- Size
  
  3.4MB
- MD5
  
  1418fe9a743226b9661a2b6decb19db0
- SHA1
  
  0ab53321bb9699d354a032259423175c08fec1a4
- SHA256
  
  ccf8e4d6e661ceaea598851923bb8b983bd820ffd02448b8245e6ac780977784
- SHA512
  
  548cedaa7e100ca49800878a164989fabe101c58d3dea316efe13b368b18e00899664167b533c3556d6e82697677529cbd1e73cdd87aacac87c12363322042a4
- SSDEEP
  
  98304:UdgXuBCAPGHGXqiCz6eH+USFUFJYX25Ot:OPmhSWYL
Score

6^/10

discovery persistence
- Write file to user bin folder
  persistence
behavioral19
- Target
  
  CHINA-APT-Trojan/usr/lib/libselinux.so
- Size
  
  22KB
- MD5
  
  ba08e63ad65a9bdcdb1655f25d32c808
- SHA1
  
  44947903b2bc760ac2e736b25574be33bf7af40b
- SHA256
  
  42308b675105f49b6ac8041d97a2fb3e34d94b12c4ab4da9d8cfcffb62c9033e
- SHA512
  
  4ed7ecf8369ad1731889343badf9b7eadeda3920afe99a0ef23c5617a87c25e91b9112999ed0e5d6f31ed6d39399c96bb81eba8d242e3b3284d659fd0e07f6dd
- SSDEEP
  
  384:ofV44/4bvoYJQA8PYQhtEpoZFMdpy5A7xHdsfPvk1MbOj:otoOBYjHB1b
Score

1^/10
behavioral20
- Target
  
  CHINA-APT-Trojan/usr/lib64/gdm/.gdm/dbus
- Size
  
  190KB
- MD5
  
  2251bc7910fe46fd0baf8bc05599bdcf
- SHA1
  
  0fef89711da11c550d3914debc0e663f5d2fb86c
- SHA256
  
  cff20753e36a4c942dc4dab5a91fd621a42330e17a89185a5b7262280bcd9263
- SHA512
  
  b5436c9f330cf32aeda31bc80ad375d4a1500c2a37f7317e70bd533fe4e6bae209da63f7ef623e0b05d6b4a03af54e93371afb3538754b9b195311496faa226c
- SSDEEP
  
  3072:sCktP9yEwFeIY0kRyxAuSnjL1Jo1q0+DNRJtlxaERyFzKr1Z70oh:sRPIEANY1RDXe8DNlYs
Score

6^/10

antivm discovery evasion execution persistence
- Reads list of loaded kernel modules
  Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
  evasion
behavioral21

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

User Execution

Malicious File

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

discoverypersistence

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

discoverypersistence

behavioral20

behavioral21

antivmdiscoveryevasionexecutionpersistence