General

  • Target

    29d6ef7365c18d243163a648fa6cd697

  • Size

    7.4MB

  • Sample

    241126-cn43xsvrak

  • MD5

    29d6ef7365c18d243163a648fa6cd697

  • SHA1

    b5ec51ae8d64810119ac8f1f2ae84448af31c5a7

  • SHA256

    781b4790834757804bd0e80ce5d8180155cac6fc8952cd03d8f824ccba376058

  • SHA512

    5293e12d84d9206ca8c83c0c267c315a5a2203b65352e8b0577a98fa5254a1d9e8f992c6cf1ab58d8fa0b27c1d17180a2345f782b10df102369ffa348f646e87

  • SSDEEP

    98304:Ottb0X3CaShBKEg+qqDX1uUxqbVeux+ElLZqAVCAwZ:aSCaShBBcXeyjpcAQZ

Malware Config

Targets

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • OS Credential Dumping

      Adversaries may attempt to dump credentials to use them in password cracking.

    • Checks hardware identifiers (DMI)

      Checks DMI information that indicates whether the system is a virtual machine.

    • Checks mountinfo of local process

      Checks the mountinfo of running processes, which indicates whether the process is running in a chroot jail.

    • Deletes log files

      Deletes log files on the system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Write file to user bin folder

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

MITRE ATT&CK Enterprise v15

Tasks