General

  • Target

    loligang.mips

  • Size

    87KB

  • Sample

    210508-6cnc3v61ln

  • MD5

    1d525662030f84350652a546b807f971

  • SHA1

    bf27ab4f758e708cee00bc0ff04b31532d742ede

  • SHA256

    cd6691aea67ec9cca45df0d52bd349598e9eba523991958db601676cb6141c64

  • SHA512

    a6263383047ab45e1877b189f8776c285147bde324e3c07e63677ec30ebaad4a38df1bedad15b04d039afd37839d0b45a6d822d51bac84da8eaa5c89a46c7f55

Score
9/10

Malware Config

Targets

    • Target

      loligang.mips

    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Impair Defenses

    T1562 (1)

Discovery

  • System Network Connections Discovery

    T1049 (1)

  • System Network Configuration Discovery

    T1016 (1)

Tasks