General
-
Target
cARM.elf
-
Size
3.7MB
-
Sample
241123-ql79fssjcj
-
MD5
6c88591fb7be04498a665dddbb0d3af5
-
SHA1
36b82f4ea84a0b8102249c09b47988f6e2405ab9
-
SHA256
616c87759bc580a751c1ee2f7f5014065c248a814d02232b070553818292149f
-
SHA512
d51d1d927ff8f2ada1be416c902d36319ec68b46ced12130c18d56ad76b9e2cb1c2bf14fa5927e52a74960796811d5abb33b21db24f20a7ae0ef7fbc43164218
-
SSDEEP
49152:4+0IUj0moc5HoVZJcearnTTTq9gX51tbB8KDkZ0/L93DntkQzPoFmS:4ZJjGHDajpdbB8IkZ0dbtkwo1
Static task
static1
Behavioral task
behavioral1
Sample
cARM.elf
Resource
ubuntu2404-amd64-20240523-en
Malware Config
Targets
-
Target
cARM.elf
-
Size
3.7MB
-
MD5
6c88591fb7be04498a665dddbb0d3af5
-
SHA1
36b82f4ea84a0b8102249c09b47988f6e2405ab9
-
SHA256
616c87759bc580a751c1ee2f7f5014065c248a814d02232b070553818292149f
-
SHA512
d51d1d927ff8f2ada1be416c902d36319ec68b46ced12130c18d56ad76b9e2cb1c2bf14fa5927e52a74960796811d5abb33b21db24f20a7ae0ef7fbc43164218
-
SSDEEP
49152:4+0IUj0moc5HoVZJcearnTTTq9gX51tbB8KDkZ0/L93DntkQzPoFmS:4ZJjGHDajpdbB8IkZ0dbtkwo1
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
OS Credential Dumping
Adversaries may attempt to dump credentials to use them in password cracking.
-
Checks hardware identifiers (DMI)
Checks DMI information, which indicates whether the system is a virtual machine.
-
Checks mountinfo of local process
Checks the mountinfo of running processes, which indicates whether it is running in a chroot jail.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Write file to user bin folder
-
Reads process memory
Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Defense Evasion
File and Directory Permissions Modification (1)
Linux and Mac File and Directory Permissions Modification (1)
Indicator Removal (1)
Clear Linux or Mac System Logs (1)
Virtualization/Sandbox Evasion (3)
System Checks (3)
Credential Access
OS Credential Dumping (2)
/etc/passwd and /etc/shadow (1)
Proc Filesystem (1)