General

  • Target

    trynagetmybinsufucker98575.arm7

  • Size

    52KB

  • Sample

    211206-yka7bsfabl

  • MD5

    b645a8e3e118e87c62a041e3e5c11352

  • SHA1

    6391f7cf9031f0830b4633fbb2111c1f2a2c9d77

  • SHA256

    408e2fb36e335cf5d9dad47bf66657a750128c2db4eec878fc0675fb09300a52

  • SHA512

    1b2dd7cb6aded3099679a8615f42620c3d6a55b4d176f593e60f891b07a73db0fed6466ee0453fef0f9522533ba9651df3a332f1d5b11c431f7726be2daa0779

Score
9/10

Malware Config

Targets

    • Target

      trynagetmybinsufucker98575.arm7

    • Modifies the Watchdog daemon

      Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder

    • Writes file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Hijack Execution Flow

2
T1574

Privilege Escalation

Hijack Execution Flow

2
T1574

Defense Evasion

Impair Defenses

1
T1562

Hijack Execution Flow

2
T1574

Tasks