General

  • Target

    15e3c06b1336e32a63e76f7a3187a76dd983798fce9e51768a9d094c30279f0d.elf

  • Size

    97KB

  • Sample

    241125-clv28ssnbz

  • MD5

    ff8676945216de843467f3692d812167

  • SHA1

    1a3a94c34cdf8da17711df48900ac212595e755f

  • SHA256

    15e3c06b1336e32a63e76f7a3187a76dd983798fce9e51768a9d094c30279f0d

  • SHA512

    06cf6fe81d421463421421929f5a3843d78831d5b7431cc9d613e0def1ed9358f2e4fde159ff20b74695e786f2c6d4f5643350a53b2f9a77d677a1b29219004e

  • SSDEEP

    3072:hrdjq7aGMTxRRxrQ7Cdz6J3z7+RopvRDt0zN:hrde7aGMFRRxrQ7Cdz2/Jr4

Malware Config

Targets

    • Target

      15e3c06b1336e32a63e76f7a3187a76dd983798fce9e51768a9d094c30279f0d.elf

    • Size

      97KB

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Checks mountinfo of local process

      Checks mountinfo of running processes, which indicates whether it is running in a chroot jail.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks