General

  • Target

    cARM.elf

  • Size

    3.7MB

  • Sample

    241123-ql79fssjcj

  • MD5

    6c88591fb7be04498a665dddbb0d3af5

  • SHA1

    36b82f4ea84a0b8102249c09b47988f6e2405ab9

  • SHA256

    616c87759bc580a751c1ee2f7f5014065c248a814d02232b070553818292149f

  • SHA512

    d51d1d927ff8f2ada1be416c902d36319ec68b46ced12130c18d56ad76b9e2cb1c2bf14fa5927e52a74960796811d5abb33b21db24f20a7ae0ef7fbc43164218

  • SSDEEP

    49152:4+0IUj0moc5HoVZJcearnTTTq9gX51tbB8KDkZ0/L93DntkQzPoFmS:4ZJjGHDajpdbB8IkZ0dbtkwo1

Malware Config

Targets

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • OS Credential Dumping

      Adversaries may attempt to dump credentials to use them in password cracking.

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicates whether the system is a virtual machine.

    • Checks mountinfo of local process

      Checks mountinfo of running processes which indicates whether it is running in a chroot jail.

    • Deletes log files

      Deletes log files on the system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Write file to user bin folder

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

MITRE ATT&CK Enterprise v15

Tasks