Overview

overview

7

Static

static

1

cve_2024_6387/386

ubuntu-24.04-amd64

7

cve_2024_6387/aarch64

ubuntu-22.04-amd64

7

cve_2024_6387/amd64

ubuntu-20.04-amd64

7

cve_2024_6387/arm5

debian-9-armhf

7

cve_2024_6387/arm6

debian-12-armhf

7

cve_2024_6387/arm7

debian-12-armhf

7

cve_2024_6...nup.sh

ubuntu-18.04-amd64

7

cve_2024_6...nup.sh

debian-9-armhf

7

cve_2024_6...nup.sh

debian-9-mips

7

cve_2024_6...nup.sh

debian-9-mipsel

7

cve_2024_6387/exploit

ubuntu-18.04-amd64

7

cve_2024_6...oit.py

windows7-x64

3

cve_2024_6...oit.py

windows10-2004-x64

3

cve_2024_6387/mips

debian-9-mips

3

cve_2024_6387/mips64

debian-9-mips

cve_2024_6...ps64el

debian-9-mipsel

cve_2024_6387/mipsel

debian-9-mipsel

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc3b7de3d7a21e7f7116ecd9b9eb22d5.bin

  • Size

    31.2MB

  • Sample

    241123-wz9x4azmb1

  • MD5

    4ec8627a52d61a596870ef9ebf5aa87f

  • SHA1

    89eb64f4dfe017658b85db13125a02caff5809e9

  • SHA256

    bdbc35721238ef0c38acf962295c36bae59c6472b70bb469439c1c370ce472f6

  • SHA512

    34c256bc3b259c5f8e1c63209be95482cbb9e1da816345289499e8f8ec5d2e1c46631c703e4d3b9f7b71530cb29168642f2f6c65e9b27320f7709ad48fc562f7

  • SSDEEP

    786432:rmsVF17djtBBl6bYc6y1VYwPi0c0NOXc5ZH4/ocllkAIVExrA8tMZd:yEF1pbBl6bcy1VlPXCXcPol9RlMH

Score
7/10
defense_evasiondiscoveryexecutioninfostealerlinuxpersistenceprivilege_escalatioprivilege_escalationrootkit

Malware Config

Targets

    • Target

      cve_2024_6387/386

    • Size

      4.9MB

    • MD5

      ac46e9818cd936fbfcba5effd7f4e850

    • SHA1

      9a058ce2e1a413ae24b0c23e49b68d1b2f3f2777

    • SHA256

      e23cd1ab03a3a03803e920efb2001fc6c4ae34c50ef647271898edc1c87ccde4

    • SHA512

      38fe3086130ccf009bd44d0d2666f1d9a03d993c7fccfdaa1fb6b779b457cb0c76147f95363b73326dc5a18bd1ed89883ed0952836b1368b38f5bc3378f6a4dc

    • SSDEEP

      49152:FPhq6f/l+XZKQn1VQPtHCVfsrAeg7UWsnc+m347J7Gr:+6f/lkBYCTo8r

    Score
    7/10
    discoveryrootkit

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

      rootkit
    behavioral1

    • Target

      cve_2024_6387/aarch64

    • Size

      1.2MB

    • MD5

      f1605ee67da4359d523697d61e380d69

    • SHA1

      a0238a3433fcdffbfd04dadb7c0fc6c103a9efb2

    • SHA256

      70638556617d43b14e017779db4468e547d880cbff50a52ff292fbfd6ef04972

    • SHA512

      57bdaf14e7275c9423e4640bdf53f0cd803a0d0b462fbcc92c3715c021e51b250af4925f9b60018819b5fe88756a69bf029ca11d04e142244d3ab28b5be7158e

    • SSDEEP

      12288:6UiHCV/FjnbC8CJzoCaWSURJsQwBUdk3RV80t5/wsdybiEZpQI6K79CBb8USXzxy:6UiHc/FjG9uo8J861dyWdI99IbIzzzc5

    Score
    7/10
    discoveryexecutionpersistenceprivilege_escalatio

    • Executes dropped EXE

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      executionpersistenceprivilege_escalatio

    • Writes file to system bin folder

    behavioral2

    • Target

      cve_2024_6387/amd64

    • Size

      5.1MB

    • MD5

      2be087e54204a6c395e05516c53fd579

    • SHA1

      3bdad143cd168a2015aba2053e53f99a24d52ace

    • SHA256

      b60ad90687871ae94e2b33cf2320f523ee614893215335dc5958a6a705488330

    • SHA512

      2ab629a5f9637c7026069e5cc7b473968290b8eb42158dc93c46613d2b4b0ef39149f158b71dda8b2c8bbbebd58ba28cf5437fc0d083fca37deb84423a769db8

    • SSDEEP

      49152:YB9Em2vjYVfh5jw9aF8k4yHwXrD3LwJKiCb85E6l9HblTLEGdvIRKnuI:QDVf/Y4jMrDr8E+rvuK1

    Score
    7/10
    defense_evasiondiscoveryinfostealerpersistenceprivilege_escalation

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

      defense_evasion

    • Reads EFI boot settings

      Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.

      infostealer

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

      persistenceprivilege_escalationdefense_evasion

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Modifies Bash startup script

      persistence
    behavioral3

    • Target

      cve_2024_6387/arm5

    • Size

      5.0MB

    • MD5

      f88f1c803432b72243da85089264bc92

    • SHA1

      380f766eec0b181cb094b51e366487deabd0d312

    • SHA256

      1d37cf0bbe88047caf8442db890edad597a52a70fbab49ce258a51f9ea1b3163

    • SHA512

      c6e56e053c0b6c0d623d2babf45bd4ffeddc3fbb7a886cda96f28f03430420b01d860e00691c6da3fc804be441536466183c2a60b340d903f6c874a476d04113

    • SSDEEP

      49152:wagnab47zaAs4cqq0OM9VpiOMXwXpfdmFEo:wagn8cVs4cqq6ZdmFEo

    Score
    7/10
    defense_evasiondiscoverypersistenceprivilege_escalation
    behavioral4

    • Target

      cve_2024_6387/arm6

    • Size

      5.0MB

    • MD5

      f01b45a5bea298b837db3af8c5bad744

    • SHA1

      79ae24874af457cfd95b5c34f95ecf5ab6ececb5

    • SHA256

      77adc73b97c25352eee23fdf52b8b663d606a56a494a2ab1498ba20e7c770327

    • SHA512

      4e13687c78344ffcc17d88a49d00c05bb96cf3e1d2c2bc4026cd3fab2dfcd7ce93cab06241f804ffd5e3ce0407f474738a1a47dde1960e5157bfb1dc2ef2b7c0

    • SSDEEP

      24576:uMNirxGnmSHuvTEkaxEa8C8L9NNtr3Fr4DEO2W37yWRO2FkNeuV7pbifUXHB7tEF:DbXZshQYTIQRXGxBdZMoA7en2Gd

    Score
    7/10
    defense_evasiondiscoverypersistenceprivilege_escalation
    behavioral5

    • Target

      cve_2024_6387/arm7

    • Size

      4.9MB

    • MD5

      c2e368e608090479ceb4bc9ce6e45081

    • SHA1

      d17e71b4448aa8a2a3a753cf867bff73371a4f1a

    • SHA256

      5123f1a56a5cbbb49840f41b8c5c7991b789a31cc5a3271b60805dabc40f71c6

    • SHA512

      d8553abb0720e9f3d812052accddc0eaaa6121a582ff0c8dc637377a70036f6f04ac990363279aeb2a82839610b3a29aaa8ddd0ec4eb5d2b110eaeeda3d7b68a

    • SSDEEP

      49152:4ozxe7ZxI0mFBDQ1WJ9OrA2lIlMMkinIy:4ote7ZxI0mFBDJSC

    Score
    7/10
    defense_evasiondiscoverypersistenceprivilege_escalation
    behavioral6

    • Target

      cve_2024_6387/execute_and_cleanup.sh

    • Size

      926B

    • MD5

      1f452448cea986aedc88ba50d48691f7

    • SHA1

      98cee6d3b4a210be77fa4a458b06b805fa781bd7

    • SHA256

      67564d4a3ad079b6ec430193d5a60ce67df4d13409387fd074fd10d921fda20e

    • SHA512

      e11bb1ee0a50674550e3710c0e9670d2fe15b53f450bbc54d5dcc511999114f5e21aa0ee396c6b2e9e85fd2afe9078ca16b128e563f2b8acb9167d693e63183a

    Score
    7/10
    defense_evasiondiscovery

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion
    behavioral10behavioral7behavioral8behavioral9

    • Target

      cve_2024_6387/exploit

    • Size

      25KB

    • MD5

      f193bb5eea79af7e478455631cf17527

    • SHA1

      7e6a1e4dfb2d932506b88b58d5bb4f254b762680

    • SHA256

      b4da58b9f0d598af9eeb0e9cc1f80534cf9f06dbd214d2e86937ffc2d8f9e0fa

    • SHA512

      b1896ad8aedf361927006bd7e9295f170283b7eacf47e36d28cd428370afb792e37e19371e01e3084a321ee4ced6b01ada19d02765365b5db38154bc814bf018

    • SSDEEP

      768:AFTaLRRH7EfXvn/3PHfXvn/3PHfXlwPd9ousm:GTqRRswPdDsm

    Score
    7/10
    discoveryexecutionpersistenceprivilege_escalatio

    • Executes dropped EXE

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      executionpersistenceprivilege_escalatio

    • Writes file to system bin folder

    behavioral11

    • Target

      cve_2024_6387/exploit.py

    • Size

      1KB

    • MD5

      bdfe770350fccbb55fadf834fa52e4c5

    • SHA1

      985109c80b184d59c19c83faf0bfe593524b8374

    • SHA256

      1314fbdc8aa6153b27be3373b7cf83dbe0ad0d1dce853c466bf8372f2fe21936

    • SHA512

      1ed063d25a295ae20f0182843339107112760fda99d7d1a2c3fef0fc73a411c689965558675f5100329649de7f8a4940e69e2255e2a5b70adb021f9bfe5cb7fa

    Score
    3/10
    discovery
    behavioral12behavioral13

    • Target

      cve_2024_6387/mips

    • Size

      5.6MB

    • MD5

      35baf8244b9e96bae7a9a97df0c61188

    • SHA1

      c514efc4b6d0fe0672f6ddb30609a59587ac04d4

    • SHA256

      b51432d075111f86ee327fb9aa7aa7007b7ec35e4821f7308cf40029943719f7

    • SHA512

      8b73cf3a6ad9e6443fdd59ea00be182cb77816cefb54109cb489469c3eda9283b575a1b5f45336464309557911f19c4fc8ec2988413046f108cca92b74e028e6

    • SSDEEP

      49152:5QO0LQyjgECLOOVb3RZICE3Zxnw4RLjvAJ0ZHYVw/1W4aU5mPkIpWgT8IDw9bkpf:WRo7DpkRSmvnG

    Score
    3/10
    discovery
    behavioral14

    • Target

      cve_2024_6387/mips64

    • Size

      5.6MB

    • MD5

      77713ed77e1c6c1dff19fc606bd95947

    • SHA1

      28f80872f1aba0e3007e002388d057bb2329f407

    • SHA256

      f0037a89933e1cecc1b05f86b31cfa80cc43fa445fafb9665a154147ff945a9e

    • SHA512

      37d03ec8986e6363dce81a65555dee3a6b2249afdd9b7363e4fa0f0545e262554e42b5001b50535a997ac4583d07158740b09a2a27edf4bb4e11ce02308039d9

    • SSDEEP

      49152:zwXkVn7b1DCuG3EG6Vxr92+A9zSyG3wfQ7vHH+:zwX+bY+a43wfQ7vn+

    Score
    3/10
    discovery
    behavioral15

    • Target

      cve_2024_6387/mips64el

    • Size

      5.6MB

    • MD5

      41fc3137fe26d26f72c7d6c48dae8f36

    • SHA1

      71183310d0d00caa421a058d52e37d7ad8fc46eb

    • SHA256

      24681f0fe7b0a03406f6b2035ed39df95e265d097220a62f83c755db62d86d47

    • SHA512

      3ed28b5d49bfb59348d2bee2f00265d0dd81483f63612eb01f2595b6f01e6d92c04d218a17731afb385729d70cfc3e5a66327086e4fbd3d353811329575a479a

    • SSDEEP

      49152:Kjv4GjPXgGIsb7Hw3YPHvMtDpdwlHIWBZOaQdopsqR+f55TWoLwrq2+ZRb2yv0GK:Kjv4GjPXgGIsb7Hw3aH0t/aQdopfSPWl

    Score
    3/10
    discovery
    behavioral16

    • Target

      cve_2024_6387/mipsel

    • Size

      5.6MB

    • MD5

      4ffce2d01ec451f990369781dc98d1b4

    • SHA1

      a67a00f6cb7f003504fe28d3265392a482727e0f

    • SHA256

      d0c443e61a1f050728572f6417261efc67b43e09b785c90d1ddca8214cdb3583

    • SHA512

      3a91c2f221e2ad50e6b01709d490c07e57b735aa415b2acfb49519ed6eac94509a182fcd68df91953b9d8f53ea0bbea2dd58730f192bfd4ad19d243d9de185bd

    • SSDEEP

      49152:Aur3a8E7Hc+zXubT3xFwLtVtNu9OKpjfsF:ZSbc+zXtEe

    Score
    3/10
    discovery
    behavioral17

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Persistence

Boot or Logon Autostart Execution

2
T1547

Boot or Logon Initialization Scripts

1
T1037

RC Scripts

1
T1037.004

Event Triggered Execution

1
T1546

Unix Shell Configuration Modification

1
T1546.004

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Boot or Logon Initialization Scripts

1
T1037

RC Scripts

1
T1037.004

Event Triggered Execution

1
T1546

Unix Shell Configuration Modification

1
T1546.004

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Defense Evasion

File and Directory Permissions Modification

1
T1222

Linux and Mac File and Directory Permissions Modification

1
T1222.002

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Impair Defenses

1
T1562

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

Score
1/10

behavioral1

discoveryrootkit
Score
7/10

behavioral2

discoveryexecutionpersistenceprivilege_escalatio
Score
7/10

behavioral3

defense_evasiondiscoveryinfostealerpersistenceprivilege_escalation
Score
7/10

behavioral4

defense_evasiondiscoverypersistenceprivilege_escalation
Score
7/10

behavioral5

defense_evasiondiscoverypersistenceprivilege_escalation
Score
7/10

behavioral6

defense_evasiondiscoverypersistenceprivilege_escalation
Score
7/10

behavioral7

defense_evasiondiscovery
Score
7/10

behavioral8

defense_evasiondiscovery
Score
7/10

behavioral9

defense_evasiondiscovery
Score
7/10

behavioral10

defense_evasiondiscovery
Score
7/10

behavioral11

discoveryexecutionpersistenceprivilege_escalatio
Score
7/10

behavioral12

discovery
Score
3/10

behavioral13

Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10