Analysis
-
max time kernel
3650s -
max time network
158s -
platform
linux_armhf -
resource
debian9-armhf-en-20211025 -
submitted
06-12-2021 19:50
Static task
static1
Behavioral task
behavioral1
Sample
trynagetmybinsufucker98575.arm7
Resource
debian9-armhf-en-20211025
linux_armhf
0 signatures
0 seconds
General
-
Target
trynagetmybinsufucker98575.arm7
-
Size
52KB
-
MD5
b645a8e3e118e87c62a041e3e5c11352
-
SHA1
6391f7cf9031f0830b4633fbb2111c1f2a2c9d77
-
SHA256
408e2fb36e335cf5d9dad47bf66657a750128c2db4eec878fc0675fb09300a52
-
SHA512
1b2dd7cb6aded3099679a8615f42620c3d6a55b4d176f593e60f891b07a73db0fed6466ee0453fef0f9522533ba9651df3a332f1d5b11c431f7726be2daa0779
Score
9/10
Malware Config
Signatures
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder 1 TTPs 2 IoCs
-
Write file to user bin folder 1 TTPs 3 IoCs
Processes:
description ioc /usr/bin/apt-config /usr/bin/apt-config /usr/bin/basename /usr/bin/basename /usr/bin/apt-get /usr/bin/apt-get -
Reads runtime system information 30 IoCs
Reads data from /proc virtual filesystem.
Processes:
trynagetmybinsufucker98575.arm7description ioc /proc/492/exe /proc/492/exe /proc/437/exe /proc/437/exe /proc/440/exe /proc/440/exe /proc/423/exe /proc/423/exe /proc/431/exe /proc/431/exe /proc/458/exe /proc/458/exe /proc/471/exe /proc/471/exe /proc/486/exe /proc/486/exe /proc/483/exe /proc/483/exe /proc/self/exe /proc/self/exe trynagetmybinsufucker98575.arm7 /proc/401/exe /proc/401/exe /proc/459/exe /proc/459/exe /proc/472/exe /proc/472/exe /proc/482/exe /proc/482/exe /proc/419/exe /proc/419/exe /proc/446/exe /proc/446/exe /proc/359/exe /proc/359/exe /proc/439/exe /proc/439/exe /proc/356/exe /proc/356/exe /proc/414/exe /proc/414/exe /proc/415/exe /proc/415/exe /proc/445/exe /proc/445/exe /proc/470/exe /proc/470/exe /proc/493/exe /proc/493/exe /proc/ /proc/ /proc/411/exe /proc/411/exe /proc/491/exe /proc/491/exe /proc/494/exe /proc/494/exe /proc/429/exe /proc/429/exe /proc/450/exe /proc/450/exe