General

  • Target

    install_cloud.sh

  • Size

    9KB

  • Sample

    250328-pr2s7axpv6

  • MD5

    54a6dc25ac6a1e71d8b2168db0d3e27f

  • SHA1

    97a9146fc9349f365beae6aea4bf7258d63e2f93

  • SHA256

    2ae7255eedd7f4d39a999f57209497235d632e543356e34f634ce90522d2b2b2

  • SHA512

    d9ad9672052076d2cbc43ec6f08e0d9fe759f4efbf66d8fdd32fed21c3861225b40c3a3aa87a4ddc5388198cb0dc7fc85fd686f19bce14a25e4070ebf53c4c1c

  • SSDEEP

    192:FvSgVoI18Byt8rHmUiBTYGv/n4C5B4Ps136Dx9/3Gc8Y6DRAml1906Y:FKgWe8Byt8XGv/n4C5B4PsV6DvCVAqS

Malware Config

Targets

    • Modifies password files for system users/groups

      Modifies files storing password hashes of existing users/groups, likely to grant additional privileges.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Modifies sudoers policy

      Adds/modifies rule files for sudoers policy, likely to grant additional privileges.

    • OS Credential Dumping

      Adversaries may attempt to dump credentials to use them in password cracking.

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

    • Adds a user to the system

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Deletes log files

      Deletes log files on the system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Writes file to user bin folder

    • Writes file to system bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks