General

  • Target

    20088732460.zip

  • Size

    53KB

  • Sample

    241125-lb3h1azkes

  • MD5

    b1ad990f6bbfad456dcc566ad7cfbb27

  • SHA1

    de7c042951dcf25ec37e662ddc4fbda31e89fbde

  • SHA256

    507ec5c385c79678e40503214c8e917c9ab419fcda0f86b2aa1ff4fdadb0f7e6

  • SHA512

    9dfa123343ee5cb0aa1dbc5ce386788b87a012c9147b644dfae163398479a05053de0a7cd2ee38d4cb4dcd23659fac45f3b1012e46bd60d055ae18abfd92b79b

  • SSDEEP

    1536:Yp3e2oosmG/tQw3yJGDTilZJwpGJwfgHFcKZ0jg1m:rBmUiJGDTijEIHLk

Malware Config

Targets

    • Target

      1518d9364ae6362a9dc3e7cc7d103e515ea7b1c0aaca74f80062ba9f7436450e

    • Size

      100KB

    • MD5

      d0ceffd3b00587a2c593806f9b849cef

    • SHA1

      c31438ddf15aa1ef49d540cd4faa6e78b874b313

    • SHA256

      1518d9364ae6362a9dc3e7cc7d103e515ea7b1c0aaca74f80062ba9f7436450e

    • SHA512

      ccb83ebbe4d7dd58cb8a0ca5f2b8ff698c2190f3dca75c01c7b1134dfe043844c88908c6ee82024751c6ca2ed3a35b89d5237bcec12275135b8f9644d26baffa

    • SSDEEP

      1536:QUx8tzU06/iuN/G13HAswGz/gxi2pm5GA1KXUjmM1j6l3h+AWwh0f:Qc8tzUS4/N/wg82pm91KXUjhj6pIAQf

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Checks mountinfo of local process

      Checks mountinfo of running processes which indicate if it is running in chroot jail.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks