Overview

overview

9

Static

static

c0853f1c28...ac7134

linux_amd64

c0853f1c28...ac7134

linux_mipsel

c0853f1c28...ac7134

linux_mips

9

Analysis

  • max time kernel
    0s
  • max time network
    77s
  • platform
    linux_mips
  • resource
    debian9-mipsbe
  • submitted
    27-07-2021 19:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c0853f1c286493bac050426c11ac7134

  • Size

    87KB

  • MD5

    c0853f1c286493bac050426c11ac7134

  • SHA1

    8c2968f39bb536e453957a025a901b09c03676c8

  • SHA256

    eccdc58f3ff38c4382bc1f9a99b78b246795b176a117755ca2193487bf977778

  • SHA512

    8871bfee5f435731d93dc41ee3ee2f819ddd2e9ed8372174acaf572e138e440b61489fefcb45722958457046af3484640a747febd208aefa01810f2f48432ea8

Score
9/10

Malware Config

Signatures

  • Modifies the Watchdog daemon 1 TTPs

    Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 26 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • ./c0853f1c286493bac050426c11ac7134
    ./c0853f1c286493bac050426c11ac7134
    1⤵
      PID:341

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Impair Defenses

    1
    T1562

    Credential Access

    Discovery

    System Network Connections Discovery

    1
    T1049

    System Network Configuration Discovery

    1
    T1016

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads