General
Target: 20088732460.zip
Size: 53KB
Sample: 241125-k75skavrgr
MD5: b1ad990f6bbfad456dcc566ad7cfbb27
SHA1: de7c042951dcf25ec37e662ddc4fbda31e89fbde
SHA256: 507ec5c385c79678e40503214c8e917c9ab419fcda0f86b2aa1ff4fdadb0f7e6
SHA512: 9dfa123343ee5cb0aa1dbc5ce386788b87a012c9147b644dfae163398479a05053de0a7cd2ee38d4cb4dcd23659fac45f3b1012e46bd60d055ae18abfd92b79b
SSDEEP: 1536:Yp3e2oosmG/tQw3yJGDTilZJwpGJwfgHFcKZ0jg1m:rBmUiJGDTijEIHLk
Static task: static1
Behavioral task: behavioral1
Sample: 1518d9364ae6362a9dc3e7cc7d103e515ea7b1c0aaca74f80062ba9f7436450e
Resource: ubuntu2204-amd64-20240611-en
Malware Config

Targets
Target: 1518d9364ae6362a9dc3e7cc7d103e515ea7b1c0aaca74f80062ba9f7436450e
Size: 100KB
MD5: d0ceffd3b00587a2c593806f9b849cef
SHA1: c31438ddf15aa1ef49d540cd4faa6e78b874b313
SHA256: 1518d9364ae6362a9dc3e7cc7d103e515ea7b1c0aaca74f80062ba9f7436450e
SHA512: ccb83ebbe4d7dd58cb8a0ca5f2b8ff698c2190f3dca75c01c7b1134dfe043844c88908c6ee82024751c6ca2ed3a35b89d5237bcec12275135b8f9644d26baffa
SSDEEP: 1536:QUx8tzU06/iuN/G13HAswGz/gxi2pm5GA1KXUjmM1j6l3h+AWwh0f:Qc8tzUS4/N/wg82pm91KXUjhj6pIAQf
- Contacts a large (27175) amount of remote hosts. This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows. This may indicate a network scan to discover remotely running services.
- File and Directory Permissions Modification. Adversaries may modify file or directory permissions to evade defenses.
- Modifies Watchdog functionality. Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Checks mountinfo of local process. Checks the mountinfo of running processes, which indicates whether it is running in a chroot jail.
- Creates/modifies environment variables. Creating or modifying environment variables is a common persistence mechanism.
- Modifies systemd. Adds or modifies systemd service files, likely to achieve persistence.
- Modifies Bash startup script.
-
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (4)
  - XDG Autostart Entries (1)
- Boot or Logon Initialization Scripts (2)
  - RC Scripts (2)
- Create or Modify System Process (1)
  - Systemd Service (1)
- Event Triggered Execution (1)
  - Unix Shell Configuration Modification (1)
- Hijack Execution Flow (1)
  - Path Interception by PATH Environment Variable (1)

Privilege Escalation
- Boot or Logon Autostart Execution (4)
  - XDG Autostart Entries (1)
- Boot or Logon Initialization Scripts (2)
  - RC Scripts (2)
- Create or Modify System Process (1)
  - Systemd Service (1)
- Event Triggered Execution (1)
  - Unix Shell Configuration Modification (1)
- Hijack Execution Flow (1)
  - Path Interception by PATH Environment Variable (1)

Defense Evasion
- File and Directory Permissions Modification (1)
  - Linux and Mac File and Directory Permissions Modification (1)
- Hijack Execution Flow (1)
  - Path Interception by PATH Environment Variable (1)
- Impair Defenses (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)