Analysis
max time kernel: 0s
max time network: 77s
platform: linux_mips
resource: debian9-mipsbe
submitted: 27-07-2021 19:28
Static task: static1
Behavioral task: behavioral1
Sample: c0853f1c286493bac050426c11ac7134
Resource: ubuntu-amd64
Behavioral task: behavioral2
Sample: c0853f1c286493bac050426c11ac7134
Resource: debian9-mipsel
Behavioral task: behavioral3
Sample: c0853f1c286493bac050426c11ac7134
Resource: debian9-mipsbe
General
Target: c0853f1c286493bac050426c11ac7134
Size: 87KB
MD5: c0853f1c286493bac050426c11ac7134
SHA1: 8c2968f39bb536e453957a025a901b09c03676c8
SHA256: eccdc58f3ff38c4382bc1f9a99b78b246795b176a117755ca2193487bf977778
SHA512: 8871bfee5f435731d93dc41ee3ee2f819ddd2e9ed8372174acaf572e138e440b61489fefcb45722958457046af3484640a747febd208aefa01810f2f48432ea8
Malware Config
Signatures
Modifies the Watchdog daemon (1 TTPs)
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from /proc virtual filesystem.
Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
Reads runtime system information (26 IoCs)
Reads data from /proc virtual filesystem.