General

  • Target

    0f00c2e074c6284c556040012ef23357853ccac4ad1373d1dea683562dc24bca

  • Size

    611KB

  • Sample

    210719-8877zf5m8x

  • MD5

    349456ecaa1380a142f15810a8260378

  • SHA1

    02dd15ecdeedefd7a2f82ba0df38703a74489af3

  • SHA256

    0f00c2e074c6284c556040012ef23357853ccac4ad1373d1dea683562dc24bca

  • SHA512

    85d5dad44636f240be2943bc1e2ea0196af08ee778c4ebe055c237dffdc291ee34c4eedafc70d0c6dc6d8cdf2c48d1e296cf65c6bcbaa37e59fa276773961f0c

Score
9/10

Malware Config

Targets

    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Write file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • T1053 Scheduled Task (1)

Persistence

  • T1574 Hijack Execution Flow (2)

  • T1053 Scheduled Task (1)

  • T1547 Boot or Logon Autostart Execution (1)

Privilege Escalation

  • T1574 Hijack Execution Flow (2)

  • T1053 Scheduled Task (1)

  • T1547 Boot or Logon Autostart Execution (1)

Defense Evasion

  • T1574 Hijack Execution Flow (2)

Tasks