General

  • Target

    d5601202dff3017db238145ff21857415f663031aca9b3d534bec8991b12179a.elf

  • Size

    83KB

  • Sample

    210419-ch76tp3y3j

  • MD5

    b8ed2cb3e9fedec5b164ce84ad5a08d0

  • SHA1

    b45ef9ad0a29b0a402d1613b10c3f6e95686230c

  • SHA256

    d5601202dff3017db238145ff21857415f663031aca9b3d534bec8991b12179a

  • SHA512

    98aa6abf6bc6b27ea2833122c468e436c267ef40c5ecbbd6446174d0859920e7b7bbcec617e12d7aa9e89e0492e5dcf4cf49a6208e7252fd0619047818454a31

Score
9/10

Malware Config

Targets

    • Target

      d5601202dff3017db238145ff21857415f663031aca9b3d534bec8991b12179a.elf

    • Size

      83KB

    • MD5

      b8ed2cb3e9fedec5b164ce84ad5a08d0

    • SHA1

      b45ef9ad0a29b0a402d1613b10c3f6e95686230c

    • SHA256

      d5601202dff3017db238145ff21857415f663031aca9b3d534bec8991b12179a

    • SHA512

      98aa6abf6bc6b27ea2833122c468e436c267ef40c5ecbbd6446174d0859920e7b7bbcec617e12d7aa9e89e0492e5dcf4cf49a6208e7252fd0619047818454a31

    Score
    9/10
    • Modifies the Watchdog daemon

      Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks