General
-
Target
150dc9ae7c5729552ec2e92a7bc49095.bin
-
Size
10KB
-
Sample
240701-bheqeavcnn
-
MD5
679cb967cc9556358e2392e61e6fca0b
-
SHA1
a7bdc0998c35987a3e7e3e5f7b14094597fcc5d9
-
SHA256
f5750ae6109ca43fc8cf3a3a82f58cb3fd3cdca9efa6616707c5c2e6297b22e9
-
SHA512
43e4d3a3979b6029964781190ea56a9b1b3e379a3d8af976253d470a42144d334f684a7d984eab347c07467c8e52d0917d4e69cd03a3722b37b29bae958d3ef2
-
SSDEEP
192:p21Hw/xuT3/s80G6FExmPCPcKRC2MXdqLk1cIJsc7L21:p2a/a3kFemaHC2Moc7L21
Static task
static1
Behavioral task
behavioral1
Sample
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown
Resource
debian9-mipsel-20240611-en
Malware Config
Targets
-
-
Target
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown
-
Size
46KB
-
MD5
150dc9ae7c5729552ec2e92a7bc49095
-
SHA1
2aed6d97f2c3400e1eb7e136e245a6f45ef4ae1f
-
SHA256
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
-
SHA512
13c40ba893a9f7a0f3e674400025f65e041e91f09b6def779078e391e35a3dedaf55742e68ae0b9b6f3c9120c1628266fb16348b674e988d146ed3d7b2c3f9c7
-
SSDEEP
768:bxlT2wDuWvWi7JFNcuFkc2zq0x3UKnicZuiR/amT8z:8wF+Lc2/FicfSmT8z
-
XMRig Miner payload
-
Adds new SSH keys
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Executes dropped EXE
-
Flushes firewall rules
Flushes/ disables firewall rules inside the Linux kernel.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Attempts to change immutable files
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Deletes log files
Deletes log files on the system.
-
Disables AppArmor
Disables AppArmor security module.
-
Disables SELinux
Disables SELinux security module.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Scheduled Task/Job
1Boot or Logon Autostart Execution
1Hijack Execution Flow
2Privilege Escalation
Scheduled Task/Job
1Boot or Logon Autostart Execution
1Hijack Execution Flow
2