General
-
Target
0707b33a18638e5b60c5995a63154acd7d11b675ae40843be20acd7086d73d02.elf
-
Size
101KB
-
Sample
241128-ch39fawqck
-
MD5
51da5dd79f6cfe9df98ca068c89d23b0
-
SHA1
245eaa806f32f0f01f89e27d95fc73faec664e57
-
SHA256
0707b33a18638e5b60c5995a63154acd7d11b675ae40843be20acd7086d73d02
-
SHA512
ff73416673c673ab71f6c646bf0fa6a90938a28ec9eede8f69f0e0f5faa7100b0be18450ffc85abb87d7892c16db73842eaad20fdcebd3da3d61481cf1248937
-
SSDEEP
3072:C/oygSdxDwLENLgpk4mL12vLccbarTx/j9:0oygSdxkEgQ2x4TFh
Static task
static1
Behavioral task
behavioral1
Sample
0707b33a18638e5b60c5995a63154acd7d11b675ae40843be20acd7086d73d02.elf
Resource
ubuntu2404-amd64-20240523-en
Malware Config
Targets
-
-
Target
0707b33a18638e5b60c5995a63154acd7d11b675ae40843be20acd7086d73d02.elf
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Checks mountinfo of local process
Checks mountinfo of running processes, which indicates whether it is running in a chroot jail.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Modifies systemd
Adds/modifies systemd service files, likely to achieve persistence.
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (4)
XDG Autostart Entries (1)
Boot or Logon Initialization Scripts (2)
RC Scripts (2)
Create or Modify System Process (1)
Systemd Service (1)
Event Triggered Execution (1)
Unix Shell Configuration Modification (1)
Hijack Execution Flow (1)
Path Interception by PATH Environment Variable (1)
Privilege Escalation
Boot or Logon Autostart Execution (4)
XDG Autostart Entries (1)
Boot or Logon Initialization Scripts (2)
RC Scripts (2)
Create or Modify System Process (1)
Systemd Service (1)
Event Triggered Execution (1)
Unix Shell Configuration Modification (1)
Hijack Execution Flow (1)
Path Interception by PATH Environment Variable (1)
Defense Evasion
File and Directory Permissions Modification (1)
Linux and Mac File and Directory Permissions Modification (1)
Hijack Execution Flow (1)
Path Interception by PATH Environment Variable (1)
Impair Defenses (1)
Virtualization/Sandbox Evasion (1)
System Checks (1)