General
Target: 15e3c06b1336e32a63e76f7a3187a76dd983798fce9e51768a9d094c30279f0d.elf
Size: 97KB
Sample: 241125-clv28ssnbz
MD5: ff8676945216de843467f3692d812167
SHA1: 1a3a94c34cdf8da17711df48900ac212595e755f
SHA256: 15e3c06b1336e32a63e76f7a3187a76dd983798fce9e51768a9d094c30279f0d
SHA512: 06cf6fe81d421463421421929f5a3843d78831d5b7431cc9d613e0def1ed9358f2e4fde159ff20b74695e786f2c6d4f5643350a53b2f9a77d677a1b29219004e
SSDEEP: 3072:hrdjq7aGMTxRRxrQ7Cdz6J3z7+RopvRDt0zN:hrde7aGMFRRxrQ7Cdz2/Jr4
Static task: static1
Behavioral task: behavioral1
Sample: 15e3c06b1336e32a63e76f7a3187a76dd983798fce9e51768a9d094c30279f0d.elf
Resource: ubuntu1804-amd64-20240508-en
Malware Config
Targets
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

Checks mountinfo of local process
Checks the mountinfo of running processes, which indicates whether it is running in a chroot jail.

Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.

Modifies systemd
Adds/modifies systemd service files, likely to achieve persistence.

Modifies Bash startup script

MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (4)
    XDG Autostart Entries (1)
  Boot or Logon Initialization Scripts (2)
    RC Scripts (2)
  Create or Modify System Process (1)
    Systemd Service (1)
  Event Triggered Execution (1)
    Unix Shell Configuration Modification (1)
  Hijack Execution Flow (1)
    Path Interception by PATH Environment Variable (1)
Privilege Escalation
  Boot or Logon Autostart Execution (4)
    XDG Autostart Entries (1)
  Boot or Logon Initialization Scripts (2)
    RC Scripts (2)
  Create or Modify System Process (1)
    Systemd Service (1)
  Event Triggered Execution (1)
    Unix Shell Configuration Modification (1)
  Hijack Execution Flow (1)
    Path Interception by PATH Environment Variable (1)
Defense Evasion
  File and Directory Permissions Modification (1)
    Linux and Mac File and Directory Permissions Modification (1)
  Hijack Execution Flow (1)
    Path Interception by PATH Environment Variable (1)
  Impair Defenses (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)