General
- Target: 29d6ef7365c18d243163a648fa6cd697
- Size: 7.4MB
- Sample: 241126-cn43xsvrak
- MD5: 29d6ef7365c18d243163a648fa6cd697
- SHA1: b5ec51ae8d64810119ac8f1f2ae84448af31c5a7
- SHA256: 781b4790834757804bd0e80ce5d8180155cac6fc8952cd03d8f824ccba376058
- SHA512: 5293e12d84d9206ca8c83c0c267c315a5a2203b65352e8b0577a98fa5254a1d9e8f992c6cf1ab58d8fa0b27c1d17180a2345f782b10df102369ffa348f646e87
- SSDEEP: 98304:Ottb0X3CaShBKEg+qqDX1uUxqbVeux+ElLZqAVCAwZ:aSCaShBBcXeyjpcAQZ
Static task: static1
Behavioral task: behavioral1
Sample: 29d6ef7365c18d243163a648fa6cd697
Resource: ubuntu2204-amd64-20240522.1-en
Malware Config
Targets
- Target: 29d6ef7365c18d243163a648fa6cd697
- File and Directory Permissions Modification: Adversaries may modify file or directory permissions to evade defenses.
- Executes dropped EXE
- OS Credential Dumping: Adversaries may attempt to dump credentials to use them in password cracking.
- Checks hardware identifiers (DMI): Checks DMI information, which indicates whether the system is a virtual machine.
- Checks mountinfo of local process: Checks the mountinfo of running processes, which indicates whether the sample is running in a chroot jail.
- Enumerates running processes: Discovers information about currently running processes on the system.
- Write file to user bin folder
- Reads process memory: Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
- Boot or Logon Initialization Scripts: 1
- RC Scripts: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 1
- Boot or Logon Initialization Scripts: 1
- RC Scripts: 1
Defense Evasion
- File and Directory Permissions Modification: 1
- Linux and Mac File and Directory Permissions Modification: 1
- Indicator Removal: 1
- Clear Linux or Mac System Logs: 1
- Virtualization/Sandbox Evasion: 3
- System Checks: 3
Credential Access
- OS Credential Dumping: 2
- /etc/passwd and /etc/shadow: 1
- Proc Filesystem: 1