Overview

overview

10

Static

static

10

5b56bb9060...f3f2c5

ubuntu-20.04-amd64

7

Resubmissions

22-11-2024 12:09

241122-pbe99azpgw 10

22-11-2024 12:08

241122-pa2rvszpf1 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5b56bb90601a55fb49bea46f524a47570b4a0a9117bd7d545f406a78d2f3f2c5

  • Size

    90KB

  • Sample

    241122-pa2rvszpf1

  • MD5

    563205e6c072588081ca841fc18d9f71

  • SHA1

    1f7509a4c3456b8d29d504852648efface0e60cf

  • SHA256

    5b56bb90601a55fb49bea46f524a47570b4a0a9117bd7d545f406a78d2f3f2c5

  • SHA512

    e55bbe2f62f898a1ee483fbed038de6d987c1cbac6688b3d12bf0a4f36a3d503abf474df82495d6b3e0c4ce60b01869bc497855879b6012c2cda9afba93b55f8

  • SSDEEP

    1536:0loZZa3wD/CqhX9tLPGcMXNPsVzqbvGxHyAG/jZaZSibj7l3i2XE51SRhtQR/ad:0lEkwD/Cq9XOW+bvGy9csEjh3zUyh2ad

Score
10/10
defense_evasiondiscoveryinfostealerlinuxpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      5b56bb90601a55fb49bea46f524a47570b4a0a9117bd7d545f406a78d2f3f2c5

    • Size

      90KB

    • MD5

      563205e6c072588081ca841fc18d9f71

    • SHA1

      1f7509a4c3456b8d29d504852648efface0e60cf

    • SHA256

      5b56bb90601a55fb49bea46f524a47570b4a0a9117bd7d545f406a78d2f3f2c5

    • SHA512

      e55bbe2f62f898a1ee483fbed038de6d987c1cbac6688b3d12bf0a4f36a3d503abf474df82495d6b3e0c4ce60b01869bc497855879b6012c2cda9afba93b55f8

    • SSDEEP

      1536:0loZZa3wD/CqhX9tLPGcMXNPsVzqbvGxHyAG/jZaZSibj7l3i2XE51SRhtQR/ad:0lEkwD/Cq9XOW+bvGy9csEjh3zUyh2ad

    Score
    7/10
    defense_evasiondiscoveryinfostealerpersistenceprivilege_escalation

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

      defense_evasion

    • Reads EFI boot settings

      Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.

      infostealer

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

      persistenceprivilege_escalationdefense_evasion

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

      persistence

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

      persistenceprivilege_escalation

    • Modifies Bash startup script

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

4
T1547

XDG Autostart Entries

1
T1547.013

Boot or Logon Initialization Scripts

2
T1037

RC Scripts

2
T1037.004

Create or Modify System Process

1
T1543

Systemd Service

1
T1543.002

Event Triggered Execution

1
T1546

Unix Shell Configuration Modification

1
T1546.004

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

4
T1547

XDG Autostart Entries

1
T1547.013

Boot or Logon Initialization Scripts

2
T1037

RC Scripts

2
T1037.004

Create or Modify System Process

1
T1543

Systemd Service

1
T1543.002

Event Triggered Execution

1
T1546

Unix Shell Configuration Modification

1
T1546.004

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Defense Evasion

File and Directory Permissions Modification

1
T1222

Linux and Mac File and Directory Permissions Modification

1
T1222.002

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Impair Defenses

1
T1562

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks