2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6 | Triage

Submit
Reports

Overview

overview

9

Static

static

8

2e4506802a...b6.elf

linux_mips

9

Resubmissions

09-07-2021 14:36

210709-6lg5mtvdax 9

09-07-2021 14:30

210709-y4bheb71f6 8

09-07-2021 14:27

210709-akqez2tkz2 8

Sharing

General

Target

2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6.elf
Size

129KB
Sample

210709-6lg5mtvdax
MD5

fbe51695e97a45dc61967dc3241a37dc
SHA1

1ed14334b5b71783cd6ec14b8a704fe48e600cf0
SHA256

2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6
SHA512

c35eab56ba59beb2ec2b362e4d1aae734fadc2d9db1d720439337dcade13ec9c7b68da9d03821efc7277abaf9bace342ff35593373e04c67327d5f7db460ad8a

Score

9^/10

linux

Static task

static1

Behavioral task

behavioral1

Sample

2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6.elf

Resource

debian9-mipsbe

linux_mips

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6.elf
- Size
  
  129KB
- MD5
  
  fbe51695e97a45dc61967dc3241a37dc
- SHA1
  
  1ed14334b5b71783cd6ec14b8a704fe48e600cf0
- SHA256
  
  2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6
- SHA512
  
  c35eab56ba59beb2ec2b362e4d1aae734fadc2d9db1d720439337dcade13ec9c7b68da9d03821efc7277abaf9bace342ff35593373e04c67327d5f7db460ad8a
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy