General

  • Target

    6c7dccc2dd1f572db4ef853c81f88ac291f87025ff8c8f94a7d020b5730a7fa6.sh

  • Size

    15KB

  • Sample

    250224-dgv24szkfm

  • MD5

    492fabefcc0ff5eaea8d33b88a00b59f

  • SHA1

    67462b1ed4c17bfc373a7bc031834e7e1c811b5a

  • SHA256

    6c7dccc2dd1f572db4ef853c81f88ac291f87025ff8c8f94a7d020b5730a7fa6

  • SHA512

    fc41d904d513769ee8f50c932239621de3e0f3709494609c16e3b853edb7fe32ceee89094594bbc70ded76089ad76b178b6343693c9e733992fc1e48905f3562

  • SSDEEP

    384:r5JxgzLuqlH2wx2vUaQa5/eN86704s80ooJQYgykWT4yCtvUsDjdWOoJwl:trgXux7YJDj8OoJwl

Malware Config

Targets

    • Kinsing

      Kinsing is a loader written in Golang.

    • Kinsing Rootkit

      Rootkit reuses the publicly available BEURK rootkit.

    • Kinsing Rootkit payload

    • Kinsing family

    • Kinsing payload

    • Kinsing_rootkit family

    • Modifies the dynamic linker configuration file

      Malware can modify the configuration file of the dynamic linker to preload malicious libraries with every executed process.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Flushes firewall rules

      Flushes/disables firewall rules inside the Linux kernel.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence.

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem to allow changing of immutable files.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Reads list of loaded kernel modules

      Reads the list of currently loaded kernel modules, possibly to detect virtual environments.

MITRE ATT&CK Enterprise v15

Tasks
