General
  Target: 20104338898.zip
  Size: 53KB
  Sample: 241125-k71hvavrgn
  MD5: 8e3286daeaa2ca7de2d1a43b823b6408
  SHA1: 8e7c1c4c3ce098cdc7b5b48faea294fe30af6812
  SHA256: 4bafa66638b4631077e617f850abdec293c5cde65cd12d247bca0c5b029e8357
  SHA512: 77cf02815403e0be1ad81be4ae9b424028b62a9b5c485f98a3a23a8d86d8b6cbbf3c11d0dab5a9fea77081b7e3730d1a821fbb4a6892f476a4f4f28d369c5d09
  SSDEEP: 768:4Lm5ySG9wCd9BB7jjRXsawvALYaeXRlbTYhI+1pnzvoVWdiueWP4zHZRKFhTQ9ym:4LVSawCdJ7jZTY5jQI+tkei5Hqb09F
Static task: static1
Behavioral task: behavioral1
  Sample: 0eacebfc0fea73dbe895d481deb9258ac8b8ac9203cbc56cf90fdf6a9eb01e90
  Resource: ubuntu2204-amd64-20240611-en
Malware Config
Targets
  Target: 0eacebfc0fea73dbe895d481deb9258ac8b8ac9203cbc56cf90fdf6a9eb01e90
  Size: 100KB
  MD5: bc4f7b6b809716973dc96fb6a79f93ea
  SHA1: 6b657f8958d7bf6f5e4a074252aaa24fcbca4e0c
  SHA256: 0eacebfc0fea73dbe895d481deb9258ac8b8ac9203cbc56cf90fdf6a9eb01e90
  SHA512: de632b38e37ea1148446a54d771145fef83867f47e6f9c6da0f8e634ccb9d2374c43ea5b611889f8aed93da6e09b0cf4a91a477619ca904bccbf575655c55622
  SSDEEP: 3072:btjVQMkmWGs5W3gGdpmO1DHXcEm0lxXF2w7QkH:bdVQMk6sor1Dc0TX0h
- Contacts a large number (28780) of remote hosts
  This may indicate a network scan to discover remotely running services.
- Creates a large number of network flows
  This may indicate a network scan to discover remotely running services.
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Checks mountinfo of local process
  Checks the mountinfo of running processes, which indicates whether it is running in a chroot jail.
- Creates/modifies environment variables
  Creating or modifying environment variables is a common persistence mechanism.
- Modifies systemd
  Adds or modifies systemd service files, likely to achieve persistence.
- Modifies Bash startup script
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (4)
    XDG Autostart Entries (1)
  Boot or Logon Initialization Scripts (2)
    RC Scripts (2)
  Create or Modify System Process (1)
    Systemd Service (1)
  Event Triggered Execution (1)
    Unix Shell Configuration Modification (1)
  Hijack Execution Flow (1)
    Path Interception by PATH Environment Variable (1)
Privilege Escalation
  Boot or Logon Autostart Execution (4)
    XDG Autostart Entries (1)
  Boot or Logon Initialization Scripts (2)
    RC Scripts (2)
  Create or Modify System Process (1)
    Systemd Service (1)
  Event Triggered Execution (1)
    Unix Shell Configuration Modification (1)
  Hijack Execution Flow (1)
    Path Interception by PATH Environment Variable (1)
Defense Evasion
  File and Directory Permissions Modification (1)
    Linux and Mac File and Directory Permissions Modification (1)
  Hijack Execution Flow (1)
    Path Interception by PATH Environment Variable (1)
  Impair Defenses (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)