My experience as a freelance malware analyst

My friend works for a company; let's call the company X. I can't post screenshots here, as I was not allowed to take any. This incident happened 5–6 months ago, so my memories are quite vague. He called me and asked how to handle the malware. The malware was exfiltrating data at very high speeds, since the servers had high-speed internet. I asked him to let me work on this, as that thing was really exciting. He gave me the credentials for the Proxmox admin panel after asking for permission.

The first thing I did was run ps. I didn't see anything. At first I thought it was a masquerading malware. My friend also told me that the malware was surviving reboots. I then decided to check files such as crontabs and init.d scripts, and sure enough there was a suspicious file. I got the binary location and got the sample. I also noticed that the malware removes itself from its location after a certain period of time, moves to some other random directory with a different name, and runs under that different name. It also modifies the startup scripts accordingly. There was also a malware at /dev/shm.

In my view, the hacker exploited some vulnerability. He then drops a malware at /dev/shm, which is a tmpfs file system. The malware executes and starts data exfiltration. Sadly, I did not get any sample.
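The persistence checks above (cron and init.d entries, a binary that keeps relocating, and a dropper running out of /dev/shm) can be turned into a small triage script. This is an added example written for this post, not the author's tooling; the crontab and init.d contents and the list of files "present on disk" are constructed samples, and the path names in them are made up.

```python
"""Flag cron/init.d entries that run from tmpfs or world-writable dirs, or that
point at a binary no longer on disk (as when a sample has moved itself)."""
import os
import re
from typing import Callable, Dict, List

# tmpfs / world-writable locations a legitimate service should not run from
VOLATILE_PREFIXES = ("/dev/shm/", "/tmp/", "/var/tmp/")
VOLATILE, MISSING = "volatile-location", "missing-binary"

# absolute paths inside a shell command (not preceded by a word char or '.')
ABS_PATH = re.compile(r"(?<![\w.])/(?:[\w.-]+/)*[\w.-]+")
# five schedule fields or an @keyword, then the (optional user and) command
CRON_LINE = re.compile(r"^(?:@\w+\s+|(?:[\d*,/-]+\s+){5})(?P<rest>.+)$")


def scan_persistence(entries: Dict[str, str],
                     path_exists: Callable[[str], bool] = os.path.exists) -> List[Dict[str, object]]:
    """entries maps a file (e.g. /etc/crontab, /etc/init.d/foo) to its text.
    Returns one finding per suspicious path: {source, line, path, reason}."""
    findings: List[Dict[str, object]] = []
    for source, text in entries.items():
        is_cron = source.startswith(("/etc/cron", "/var/spool/cron"))
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.split("#", 1)[0].strip()   # drop comments and shebangs
            if not line:
                continue
            if is_cron:
                m = CRON_LINE.match(line)
                if not m:                          # e.g. PATH=... assignments
                    continue
                line = m.group("rest")
            paths = ABS_PATH.findall(line)
            for p in paths:
                if p.startswith(VOLATILE_PREFIXES):
                    findings.append({"source": source, "line": lineno, "path": p, "reason": VOLATILE})
            # the first absolute path is normally the executable being launched
            if paths and not path_exists(paths[0]):
                findings.append({"source": source, "line": lineno, "path": paths[0], "reason": MISSING})
    return findings


# constructed sample data (not from the incident); names are invented
SAMPLE_ENTRIES = {
    "/etc/crontab": "SHELL=/bin/sh\n17 * * * * root cd / && run-parts --report /etc/cron.hourly\n"
                    "@reboot root /dev/shm/.cache/sysd >/dev/null 2>&1\n*/10 * * * * root /var/lib/.x/kworkerds\n",
    "/etc/init.d/sysd": "#!/bin/sh\n### BEGIN INIT INFO\n# Provides: sysd\n### END INIT INFO\n"
                        "nohup /dev/shm/.cache/sysd >/dev/null 2>&1 &\n",
}
PRESENT_ON_DISK = {"/bin/sh", "/etc/cron.hourly", "/dev/null", "/usr/bin/run-parts"}

if __name__ == "__main__":
    for f in scan_persistence(SAMPLE_ENTRIES, path_exists=lambda p: p in PRESENT_ON_DISK):
        print(f"{f['source']}:{f['line']} {f['reason']} {f['path']}")
```

On a live host, call scan_persistence with the real file contents and the default path_exists; the "missing-binary" hits are the entries whose payload has already moved on.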

I am a hacker and ex-web developer. I sometimes work as a freelance dev/hacker. Sometimes I hunt bugs.