General

  • Target

    19991040084.zip

  • Size

    53KB

  • Sample

    241125-lcylfazkg1

  • MD5

    eb8049b9d9b2c3d656c30461827be719

  • SHA1

    6c2582c9fee823eebb682ab81ac6701e9ee9c736

  • SHA256

    35cd367a1fb9c6d29e748b51e42ed8ceee321a1f874aafacc4af3e663049234f

  • SHA512

    f4daa7b837439df4f3739fb6bf35bc95c23081940b87ef32cf43a7c090d4a6e252d34dc3dc42f34be4054ca6501cfc821c2dc7a989c10f0a405cf1a6c71da08f

  • SSDEEP

    768:dUdRKtdVif0LYmRhQfLs6pWz+YfZZiTWodjXD+nofJ3exF7YI1i5XkH0Am3Dc:dUdRmdVifuYN0yiOWodjXdUxFJ1XHQQ

Malware Config

Targets

    • Target

      e4c012d14546fb6fa83fdd580a58eaf10e69547189a3b6efecb6ea0ce9dd3911

    • Size

      100KB

    • MD5

      e2adaf039ccb25c18bed0380f39a44ae

    • SHA1

      b40bc45b95bbdf554ed54297ef622346ab78ecec

    • SHA256

      e4c012d14546fb6fa83fdd580a58eaf10e69547189a3b6efecb6ea0ce9dd3911

    • SHA512

      481e88ba4f2a818e2afb1a0f028cd7bc9762e6dab5e18e59498796a6737523f4be328154cca6f03a80ea65347f5d21f42ba561f50a1a183d96e52418403e94c4

    • SSDEEP

      3072:JTtjITLKA+S9iQWNZmgn1DHX1DjFjHtvwllBWs:JTdITLKvln1DJjdHFQlf

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions (for example chmod +x on a dropped payload) to evade defenses or to make staged files executable.

    • Modifies Watchdog functionality

      Malware like Mirai disables the hardware watchdog (typically by opening /dev/watchdog and issuing the WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD) so that the watchdog does not reboot the infected device when the bot's activity leaves it unresponsive.

    • Checks mountinfo of local process

      Reads the mountinfo table of its own process (/proc/self/mountinfo); a root mount whose root field is a subdirectory rather than /, or no entry for / at all, indicates that the process is running in a chroot jail.

    • Creates/modifies environment variables

      Creating or modifying environment variables (for example in /etc/environment or a shell profile, including LD_PRELOAD and PATH overrides that affect every later process) is a common persistence mechanism.

    • Modifies init.d

      Adds or modifies a SysV init script under /etc/init.d, likely for persistence across reboots.

    • Modifies rc script

      Adding or modifying rc scripts (for example /etc/rc.local or /etc/rc*.d entries), which run as root at boot, is a common persistence mechanism.

    • Modifies systemd

      Adds or modifies systemd unit files (for example under /etc/systemd/system), likely to achieve persistence.

    • Modifies Bash startup script
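
The mountinfo check listed above is the behaviour a chroot-detecting sample relies on. The following is an added example written for this page; it is not code from the sample and not the sandbox's signature logic. It parses the /proc/self/mountinfo format and applies a common heuristic: no entry for "/" at all (plain chroot into a subdirectory, where the kernel omits mounts above the process root), or a "/" entry whose root field is a subdirectory (bind-mount jail). The sample mount tables are constructed, and the heuristic, the btrfs exemption and the function names are assumptions of this example.

```python
"""Chroot-jail heuristic from /proc/self/mountinfo (added example, not the sample's code).

Each mountinfo line looks like:
  <mount id> <parent id> <major:minor> <root> <mount point> <mount opts> [optional...] - <fs type> <source> <super opts>
Field 4 ("root") is the directory of the filesystem that this mount exposes; field 5 is the
mount point as seen from the reading process's own root. Mounts above that root are omitted
by the kernel, which is what the heuristic below relies on.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class MountEntry:
    mount_id: int
    parent_id: int
    fs_root: str      # field 4: root of the mount inside its filesystem
    mount_point: str  # field 5: where it is mounted, relative to the process root
    fs_type: str
    source: str


def _unescape(field: str) -> str:
    # The kernel writes space, tab, newline and backslash as 3-digit octal escapes (\040 ...).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text: str) -> list[MountEntry]:
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pre, sep, post = line.partition(" - ")   # optional fields end at the lone "-"
        f, g = pre.split(), post.split()
        if not sep or len(f) < 6 or len(g) < 2:
            raise ValueError(f"malformed mountinfo line: {line!r}")
        entries.append(MountEntry(int(f[0]), int(f[1]), _unescape(f[3]),
                                  _unescape(f[4]), g[0], _unescape(g[1])))
    return entries


def looks_chrooted(entries: list[MountEntry]) -> bool:
    """Heuristic (an assumption of this example): True when the process root is not a filesystem root."""
    roots = [e for e in entries if e.mount_point == "/"]
    if not roots:
        # Plain chroot into a subdirectory: the real "/" mount is above our root and is not listed.
        return True
    for e in roots:
        if e.fs_type == "btrfs":
            # btrfs installs legitimately mount a subvolume such as "/@" as "/"; inconclusive.
            continue
        if e.fs_root != "/":
            # "/" is a bind-mounted subtree of some filesystem: the classic bind-mount jail.
            return True
    return False


def check_self(path: str = "/proc/self/mountinfo") -> bool | None:
    """Apply the heuristic to the calling process; None if procfs is not readable at all."""
    try:
        with open(path, encoding="utf-8") as fh:
            return looks_chrooted(parse_mountinfo(fh.read()))
    except OSError:
        return None


# Constructed sample tables (not captured from the analysed sample).
SAMPLE_HOST = r"""
22 28 0:21 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
23 28 0:22 / /proc rw,nosuid,nodev,noexec,relatime shared:13 - proc proc rw
28 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
40 28 8:17 / /mnt/usb\040stick rw,relatime shared:30 - vfat /dev/sdb1 rw
"""
SAMPLE_BIND_CHROOT = r"""
91 85 8:1 /srv/jail / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
92 91 0:22 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
"""
SAMPLE_PLAIN_CHROOT = r"""
95 28 0:22 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
"""
SAMPLE_BTRFS_HOST = r"""
28 1 0:25 /@ / rw,relatime shared:1 - btrfs /dev/sda2 rw,subvol=/@
"""

if __name__ == "__main__":
    for name, table in [("host", SAMPLE_HOST), ("bind chroot", SAMPLE_BIND_CHROOT),
                        ("plain chroot", SAMPLE_PLAIN_CHROOT), ("btrfs host", SAMPLE_BTRFS_HOST)]:
        print(f"{name:13s} -> chrooted={looks_chrooted(parse_mountinfo(table))}")
    print("this process ->", check_self())
```

Containers that pivot_root onto an overlay filesystem show a plain "/" root field and pass this check as a normal host, so the heuristic detects chroot jails specifically, not containers in general.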
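
For the persistence signatures above (init.d, rc scripts, systemd units, Bash startup scripts, environment variables), a responder's next step is to read the modified files. The following added example, which is not code from the sample, the report or the sandbox, scans the contents of such files for lines that typically mark an injected autostart entry. The indicator patterns, the file list and the sample file contents are constructed for this illustration and are not the sandbox's signature rules.

```python
"""Scan Linux autostart files for injected persistence lines (added example, not sandbox code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Files of the kinds the report flags (SysV init, rc scripts, systemd units, shell start-up,
# environment). A responder would pull these from the infected host or a disk image.
PERSISTENCE_FILES = (
    "/etc/rc.local", "/etc/init.d/*", "/etc/systemd/system/*.service",
    "/etc/environment", "/etc/profile", "/etc/bash.bashrc",
    "~/.bashrc", "~/.bash_profile", "~/.profile",
)

# Indicator patterns are assumptions of this example, not the sandbox's signature rules.
INDICATORS = (
    (re.compile(r"(^|[\s;&|(=])(/tmp|/var/tmp|/dev/shm)/\S+"),
     "references a payload in a world-writable directory"),
    (re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b"),
     "downloads and pipes a script into a shell"),
    (re.compile(r"\bbase64\s+(-d|--decode)\b"),
     "decodes an embedded base64 payload"),
    (re.compile(r"\bnohup\b.*&\s*$"),
     "starts a detached background process"),
    (re.compile(r"\bchmod\s+(\S*\+x|[0-7]{3,4})\b"),
     "sets the executable bit on a file"),
    (re.compile(r"\bexport\s+(LD_PRELOAD|PATH)="),
     "overrides LD_PRELOAD or PATH for every later process"),
)


@dataclass
class Finding:
    path: str
    lineno: int
    line: str
    reason: str


def scan_startup_file(path: str, content: str) -> list[Finding]:
    """Return one Finding per (line, indicator) hit; comments and blank lines are skipped."""
    findings: list[Finding] = []
    for lineno, raw in enumerate(content.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for pattern, reason in INDICATORS:
            if pattern.search(line):
                findings.append(Finding(path, lineno, line, reason))
    return findings


# Constructed file contents (not recovered from the analysed sample).
CLEAN_BASHRC = """\
# ~/.bashrc: executed by bash(1) for non-login shells.
case $- in *i*) ;; *) return;; esac
HISTSIZE=1000
alias ll='ls -alF'
"""
INFECTED_BASHRC = CLEAN_BASHRC + """\
export LD_PRELOAD=/tmp/.x/libsys.so
nohup /tmp/.x/dvrLocker >/dev/null 2>&1 &
"""
INFECTED_RC_LOCAL = """\
#!/bin/sh -e
/bin/chmod +x /dev/shm/.boot
/dev/shm/.boot &
exit 0
"""
INFECTED_UNIT = """\
[Unit]
Description=Network Time Sync
[Service]
ExecStart=/var/tmp/.ntp/ntpd -d
Restart=always
[Install]
WantedBy=multi-user.target
"""

if __name__ == "__main__":
    for path, content in [("~/.bashrc", INFECTED_BASHRC), ("/etc/rc.local", INFECTED_RC_LOCAL),
                          ("/etc/systemd/system/ntp-sync.service", INFECTED_UNIT)]:
        for f in scan_startup_file(path, content):
            print(f"{f.path}:{f.lineno}: {f.reason}: {f.line}")
```

The patterns deliberately key on where a payload lives and how it is launched rather than on any file name, since names such as the sample's are trivially changed between builds; compare the flagged lines against a known-good copy of the same file from a clean image before acting on them.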

MITRE ATT&CK Enterprise v15

Tasks