General
- Target: 19991040084.zip
- Size: 53KB
- Sample: 241125-k7m8hsyrgx
- MD5: eb8049b9d9b2c3d656c30461827be719
- SHA1: 6c2582c9fee823eebb682ab81ac6701e9ee9c736
- SHA256: 35cd367a1fb9c6d29e748b51e42ed8ceee321a1f874aafacc4af3e663049234f
- SHA512: f4daa7b837439df4f3739fb6bf35bc95c23081940b87ef32cf43a7c090d4a6e252d34dc3dc42f34be4054ca6501cfc821c2dc7a989c10f0a405cf1a6c71da08f
- SSDEEP: 768:dUdRKtdVif0LYmRhQfLs6pWz+YfZZiTWodjXD+nofJ3exF7YI1i5XkH0Am3Dc:dUdRmdVifuYN0yiOWodjXdUxFJ1XHQQ
Static task: static1
Behavioral task: behavioral1
- Sample: e4c012d14546fb6fa83fdd580a58eaf10e69547189a3b6efecb6ea0ce9dd3911
- Resource: ubuntu2404-amd64-20240729-en
Malware Config
Targets
- Target: e4c012d14546fb6fa83fdd580a58eaf10e69547189a3b6efecb6ea0ce9dd3911
- Size: 100KB
- MD5: e2adaf039ccb25c18bed0380f39a44ae
- SHA1: b40bc45b95bbdf554ed54297ef622346ab78ecec
- SHA256: e4c012d14546fb6fa83fdd580a58eaf10e69547189a3b6efecb6ea0ce9dd3911
- SHA512: 481e88ba4f2a818e2afb1a0f028cd7bc9762e6dab5e18e59498796a6737523f4be328154cca6f03a80ea65347f5d21f42ba561f50a1a183d96e52418403e94c4
- SSDEEP: 3072:JTtjITLKA+S9iQWNZmgn1DHX1DjFjHtvwllBWs:JTdITLKvln1DJjdHFQlf
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Checks mountinfo of local process
  Checks the mountinfo of running processes, which indicates whether it is running in a chroot jail.
- Creates/modifies environment variables
  Creating or modifying environment variables is a common persistence mechanism.
- Modifies systemd
  Adds or modifies systemd service files, likely to achieve persistence.
- Modifies Bash startup script
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (4)
  - XDG Autostart Entries (1)
- Boot or Logon Initialization Scripts (2)
  - RC Scripts (2)
- Create or Modify System Process (1)
  - Systemd Service (1)
- Event Triggered Execution (1)
  - Unix Shell Configuration Modification (1)
- Hijack Execution Flow (1)
  - Path Interception by PATH Environment Variable (1)
Privilege Escalation
- Boot or Logon Autostart Execution (4)
  - XDG Autostart Entries (1)
- Boot or Logon Initialization Scripts (2)
  - RC Scripts (2)
- Create or Modify System Process (1)
  - Systemd Service (1)
- Event Triggered Execution (1)
  - Unix Shell Configuration Modification (1)
- Hijack Execution Flow (1)
  - Path Interception by PATH Environment Variable (1)
Defense Evasion
- File and Directory Permissions Modification (1)
  - Linux and Mac File and Directory Permissions Modification (1)
- Hijack Execution Flow (1)
  - Path Interception by PATH Environment Variable (1)
- Impair Defenses (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)