General

  • Target

    0707b33a18638e5b60c5995a63154acd7d11b675ae40843be20acd7086d73d02.elf

  • Size

    101KB

  • Sample

    241128-ch39fawqck

  • MD5

    51da5dd79f6cfe9df98ca068c89d23b0

  • SHA1

    245eaa806f32f0f01f89e27d95fc73faec664e57

  • SHA256

    0707b33a18638e5b60c5995a63154acd7d11b675ae40843be20acd7086d73d02

  • SHA512

    ff73416673c673ab71f6c646bf0fa6a90938a28ec9eede8f69f0e0f5faa7100b0be18450ffc85abb87d7892c16db73842eaad20fdcebd3da3d61481cf1248937

  • SSDEEP

    3072:C/oygSdxDwLENLgpk4mL12vLccbarTx/j9:0oygSdxkEgQ2x4TFh

Targets

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Checks mountinfo of local process

      Checks mountinfo of running processes, which indicates whether it is running in a chroot jail.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Modifies Bash startup script
