General

  • Target

    b18fd19ba74bb9322a684d9fceda45d57c587f6d2488b8b45a093531762d0020.elf

  • Size

    124KB

  • Sample

    250223-daagtsxks9

  • MD5

    2753bd027c47e340f8c86dd68384e07a

  • SHA1

    1da23843004df8c95c61775c9134a7202a1569aa

  • SHA256

    b18fd19ba74bb9322a684d9fceda45d57c587f6d2488b8b45a093531762d0020

  • SHA512

    def2bf3bc23898118096313f80921ff1aa7ae971d3c8bd32476e865f0e4fb10230822f91a1dd524870fd8270f7df22adba372ec3aeaa8816d47a859fbcf7a5da

  • SSDEEP

    3072:Oxue61TMvUrvllA0F+6NcAphaDD65k+Lm5t4WthVz:A+vltZphaDgm5t4OhVz

Malware Config

Extracted

Family

gafgyt

C2

37.44.238.66:23

Targets

    • Target

      b18fd19ba74bb9322a684d9fceda45d57c587f6d2488b8b45a093531762d0020.elf

    • Deletes Audit logs

      Deletes logs related to the Linux Audit framework.

    • Deletes itself

      Removes its own executable from disk after launch, so only the running process remains.

    • Deletes journal logs

      Deletes systemd journal logs, most likely to evade detection.

    • Deletes system logs

      Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

    • Flushes firewall rules

      Flushes or disables the firewall (netfilter) rules loaded in the Linux kernel.

    • Writes DNS configuration

      Writes to the DNS resolver configuration file (typically /etc/resolv.conf).

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuses sudo or cached sudo credentials to execute code.

    • Deletes log files

      Deletes log files on the system.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Reads system routing table

      Reads the kernel routing table from the /proc virtual filesystem (/proc/net/route) to discover active network interfaces.
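
The C2 endpoint and the anti-forensic behaviours above (deleted audit, journal and system logs, flushed firewall, rewritten resolver config) map directly onto host-side checks an incident responder can run. The following is an added example, not code from the sandbox report or from the sample; it assumes Debian/RHEL-style log paths and reads constructed stand-ins for /proc/net/tcp, `iptables -S`, a directory listing and /etc/resolv.conf, which on a live host you would replace with the real sources.

```python
"""Host triage checks for the behaviours reported for this Gafgyt sample.

Added example, not part of the report. Sample inputs below are constructed.
"""
import ipaddress
import re
import socket
import struct

# Indicators taken from the report's malware config.
C2_IP = "37.44.238.66"
C2_PORT = 23

# Logs the report says the sample deletes. Paths are assumed (Debian/RHEL);
# entries in one tuple are alternatives, only flagged if all are absent.
EXPECTED_LOGS = (
    ("/var/log/audit/audit.log",),                 # Linux Audit framework
    ("/var/log/journal",),                         # systemd journal directory
    ("/var/log/syslog", "/var/log/messages"),      # global system messages
    ("/var/log/wtmp",),
)


def _decode_proc_addr(field):
    """Decode the 'HEXADDR:HEXPORT' form of /proc/net/tcp into (ip, port).

    The address is a hex dump of the u32 in host byte order, so on little-endian
    hosts the bytes appear reversed: 42EE2C25 is 37.44.238.66.
    """
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def c2_connections(proc_net_tcp):
    """Return (local, remote) socket pairs whose peer is the reported C2."""
    hits = []
    for line in proc_net_tcp.splitlines()[1:]:      # first row is the header
        parts = line.split()
        if len(parts) < 4:
            continue
        local, remote = _decode_proc_addr(parts[1]), _decode_proc_addr(parts[2])
        if remote == (C2_IP, C2_PORT):
            hits.append((local, remote))
    return hits


def firewall_flushed(iptables_s):
    """True when `iptables -S` shows only ACCEPT policies and no rules at all."""
    lines = [l for l in iptables_s.splitlines() if l.strip()]
    has_rules = any(l.startswith(("-A ", "-I ")) for l in lines)
    policies_accept = all(l.split()[-1] == "ACCEPT"
                          for l in lines if l.startswith("-P "))
    return not has_rules and policies_accept


def missing_logs(present_paths):
    """Expected log locations (as alternative tuples) absent from the listing."""
    present = set(present_paths)
    return [alts for alts in EXPECTED_LOGS if not any(a in present for a in alts)]


def resolv_conf_tampered(text, trusted_nameservers):
    """Nameserver entries in resolv.conf that are not in the trusted set."""
    trusted = {ipaddress.ip_address(n) for n in trusted_nameservers}
    rogue = []
    for line in text.splitlines():
        m = re.match(r"\s*nameserver\s+(\S+)", line)
        if not m:
            continue
        try:
            ns = ipaddress.ip_address(m.group(1))
        except ValueError:
            rogue.append(m.group(1))           # unparsable entry is suspicious too
            continue
        if ns not in trusted:
            rogue.append(str(ns))
    return rogue


def triage(proc_net_tcp, iptables_s, listing, resolv_conf, trusted_ns):
    """Run every check and return only the findings that fired."""
    findings = {
        "c2_connections": c2_connections(proc_net_tcp),
        "firewall_flushed": firewall_flushed(iptables_s),
        "missing_logs": missing_logs(listing),
        "rogue_nameservers": resolv_conf_tampered(resolv_conf, trusted_ns),
    }
    return {k: v for k, v in findings.items() if v}


# Constructed inputs: one established session from 192.168.1.2 to the C2,
# an empty iptables ruleset, a log directory with three files gone, and a
# resolv.conf carrying a nameserver (TEST-NET-3) the site does not use.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 0 100 0 0 10 0
   1: 0201A8C0:A3F2 42EE2C25:0017 01 00000000:00000000 00:00000000 00000000     0        0 5678 1 0 100 0 0 10 0
"""
SAMPLE_IPTABLES = "-P INPUT ACCEPT\n-P FORWARD ACCEPT\n-P OUTPUT ACCEPT\n"
SAMPLE_LISTING = ["/var/log/syslog", "/var/log/lastlog", "/var/log/dpkg.log"]
SAMPLE_RESOLV = "# constructed\nnameserver 192.168.1.1\nnameserver 203.0.113.5\n"

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PROC_NET_TCP, SAMPLE_IPTABLES, SAMPLE_LISTING,
                             SAMPLE_RESOLV, ["192.168.1.1"]).items():
        print(f"{key}: {value}")
```

Two caveats when running this against a real host: an empty ruleset is only meaningful on a machine that is supposed to have one, so compare against the expected baseline rather than treating `firewall_flushed` alone as proof; and a process that has already deleted its own binary still shows up in `/proc/<pid>/exe` as `(deleted)`, which is the quickest way to confirm the "Deletes itself" behaviour once the C2 socket has been found.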

MITRE ATT&CK Enterprise v15
