General

  • Target

    5d377df2e425b80d10d6aa6edb204ad9

  • Size

    30KB

  • Sample

    211205-z7bbaafga9

  • MD5

    5d377df2e425b80d10d6aa6edb204ad9

  • SHA1

    fa7b5bc8d56da4a6d7b532a905cb8a84c003ff97

  • SHA256

    4976e24dd32d66ac356cef62e381057f5eaeec92cfa3b8af4ad0aa4e3119f228

  • SHA512

    1f090d59729d3bf4449a4b9d8c9d54b839e4922a795184b50e8c8b28035708f0e08b9397bf68a6f8463c330bb45b6eca1077fbc6c79e57bb8628165f2d83091b

Score
9/10

Malware Config

Targets

    • Modifies the Watchdog daemon

      Malware such as Mirai modifies the watchdog daemon to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Impair Defenses (T1562): 1

Discovery

  • System Network Connections Discovery (T1049): 1

  • System Network Configuration Discovery (T1016): 1

Tasks