This blog post comes from the “Cylance Ransomware Technical Analysis Report” by the Brandefense Research Team. For more details about the analysis, download the report.
Scope
The report analyzes the ELF executable of the Cylance ransomware variant that targets Linux systems; a separate build targeting Windows also exists.
Overview
File Name: d1ba6260e2c6bf82be1d6815e19a1128aa0880f162a0691f667061c8fe8f1b2c.elf
MD5: 4601076b807ed013844ac7e8a394eb33
SHA-1: 933ad0a7d9db57b92144840d838f7b10356c7e51
SHA256: d1ba6260e2c6bf82be1d6815e19a1128aa0880f162a0691f667061c8fe8f1b2c
Penetration Into the System
Attackers who want to infiltrate servers and IoT platforms with ELF malware cannot rely on end-user interaction or phishing emails to install the malware for them, as is common on Windows systems. Linux environments are mostly deployed on servers and IoT devices with little end-user interaction, so attackers target the exposed systems and services directly.
Below, we outline how ELF malware can infect such systems.
- Exploiting the Vulnerabilities
Attackers target vulnerable, unpatched, publicly reachable services or application components to gain access to the system. Beyond unpatched vulnerabilities, misconfigurations in those services can also provide an entry point for attackers deploying ELF malware.
- Usage of Compromised Credentials
Attackers can also log in with default or previously compromised credentials. Password spraying (a few common passwords tried against many accounts) and brute force (many passwords tried against one account) against exposed login services are frequently used to obtain such access.
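Both credential-based entry techniques above leave a recognizable trace in the SSH authentication log, and the two patterns can be told apart by counting failures per source IP and per user. The detector below is an added example, not code from the Brandefense report or the ransomware itself; the sshd log lines are constructed for the example (RFC 5737 documentation addresses, invented usernames), and the thresholds (5 failures on one account, 4 or more accounts with at most 2 failures each) are illustrative assumptions that would be tuned per environment.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not from the report). Source IPs are
# RFC 5737 documentation addresses; hostnames, PIDs and users are invented.
SAMPLE_AUTH_LOG = """\
Jun 10 09:01:12 web01 sshd[2210]: Failed password for root from 203.0.113.5 port 51022 ssh2
Jun 10 09:01:14 web01 sshd[2210]: Failed password for root from 203.0.113.5 port 51023 ssh2
Jun 10 09:01:15 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 51024 ssh2
Jun 10 09:01:17 web01 sshd[2212]: Failed password for root from 203.0.113.5 port 51025 ssh2
Jun 10 09:01:19 web01 sshd[2213]: Failed password for root from 203.0.113.5 port 51026 ssh2
Jun 10 09:01:21 web01 sshd[2214]: Failed password for root from 203.0.113.5 port 51027 ssh2
Jun 10 09:01:25 web01 sshd[2215]: Accepted password for root from 203.0.113.5 port 51028 ssh2
Jun 10 09:05:01 web01 sshd[2301]: Failed password for admin from 198.51.100.7 port 40001 ssh2
Jun 10 09:05:03 web01 sshd[2302]: Failed password for invalid user oracle from 198.51.100.7 port 40002 ssh2
Jun 10 09:05:05 web01 sshd[2303]: Failed password for invalid user postgres from 198.51.100.7 port 40003 ssh2
Jun 10 09:05:07 web01 sshd[2304]: Failed password for deploy from 198.51.100.7 port 40004 ssh2
Jun 10 09:05:09 web01 sshd[2305]: Failed password for invalid user pi from 198.51.100.7 port 40005 ssh2
Jun 10 09:30:00 web01 sshd[2400]: Failed password for alice from 192.0.2.9 port 33001 ssh2
Jun 10 09:30:10 web01 sshd[2401]: Accepted publickey for alice from 192.0.2.9 port 33002 ssh2
"""

# Matches the standard OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" format.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_auth_log(text):
    """Return one dict per authentication event; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def detect_credential_attacks(events, brute_threshold=5, spray_threshold=4):
    """Classify each source IP as brute force, password spraying, or benign.

    brute force:       one account with >= brute_threshold failures from the IP
    password spraying: >= spray_threshold distinct accounts, each with <= 2 failures
    Thresholds are illustrative assumptions, not values from the report.
    """
    fails = defaultdict(lambda: defaultdict(int))  # ip -> user -> failed logins
    succeeded = defaultdict(set)                    # ip -> users with an Accepted login
    for ev in events:
        if ev["result"] == "Failed":
            fails[ev["ip"]][ev["user"]] += 1
        else:
            succeeded[ev["ip"]].add(ev["user"])

    findings = {}
    for ip, per_user in fails.items():
        brute_users = sorted(u for u, n in per_user.items() if n >= brute_threshold)
        if brute_users:
            kind, users = "brute_force", brute_users
        elif len(per_user) >= spray_threshold and max(per_user.values()) <= 2:
            kind, users = "password_spraying", sorted(per_user)
        else:
            continue
        findings[ip] = {
            "type": kind,
            "users": users,
            "failed_attempts": sum(per_user.values()),
            # A success on an account that was also failed against is the signal
            # that the attacker got in, which is what turns this into an incident.
            "succeeded_as": sorted(succeeded[ip] & set(per_user)),
        }
    return findings


if __name__ == "__main__":
    for ip, finding in detect_credential_attacks(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(ip, finding)
```

On the sample, 203.0.113.5 is flagged as brute force against root with a subsequent successful login, 198.51.100.7 as password spraying across five accounts, and 192.0.2.9 (one failed password followed by a key-based login) is left alone. Per-IP counting is a starting point only: an attacker who spreads a spray across many source addresses stays under both thresholds, so in practice the same counts should also be kept per target account across all sources.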
Conclusion
Unlike established ransomware families, the analyzed ransomware has no data leak site or support page, which suggests it is still at an early stage. Given the rise in ransomware attacks targeting both Windows and Linux systems, the threat actors appear to be trying to catch up with that trend.
Download YARA Rules and IoCs from GitHub.