General

  • Target

    bdc02fe5c4e820cc750d4b5b7280f2cd

  • Size

    31KB

  • Sample

    211209-s77k6adggm

  • MD5

    bdc02fe5c4e820cc750d4b5b7280f2cd

  • SHA1

    d49ff96bbfbd990ffdb4727a809b97eb05bf1c2a

  • SHA256

    a06645dcacd00b2ffa5db96729241c355e012fa87a2ef16d595a4bac7a7dcd10

  • SHA512

    5761b1230316be14335fb19f0d441377a16b28e4a809d77e9cd08da48d99c3e4ad14cd135cac186094c20cb245faa8d41d950540941e0686b70bb68cd39990bb

Score
9/10

Malware Config

Targets

    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Impair Defenses (T1562): 1

Discovery

  • System Network Connections Discovery (T1049): 1

  • System Network Configuration Discovery (T1016): 1
