X86_64

General

Target: X86_64
Size: 79KB
Sample: 210927-xmgw8ahgf6
Score: 9/10
MD5: 28007c7ac1c6c2880279aeaab2c25f17
SHA1: ac64ad6324ac4ccf079dfd4c8255d1cbf3175306
SHA256: 5fa70a36cc2ac68dfe216e4007848b7e90722a82acc7ca1778780b7393b3f735
SHA512: d8b63bd73cd59f852723fdf58ea661a56bb1924746b8c4b0a9ca609cc02a532d51b3d51ccbcc798b6f734365377bbef1cf5bd706f7359f560386855ed14f7547

Signatures

  • Modifies the Watchdog daemon

    Description: Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

  • Reads system routing table

    Description: Gets active network interfaces from /proc virtual filesystem.

    TTPs: System Network Configuration Discovery

  • Reads system network configuration

    Description: Uses contents of /proc filesystem to enumerate network settings.

    TTPs: System Network Configuration Discovery

Related Tasks

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 9/10
behavioral2: 1/10
behavioral3: 1/10