Overview

overview

9

Static

static

7393a20dac...adbaaa

linux_armhf

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7393a20dacd93179d8ec1821ee63d33c091d5d63c1f40e58171c680b24adbaaa

  • Size

    119KB

  • Sample

    220521-p52qcagfg8

  • MD5

    cb61d5eaaf7084b0961c86467cfc5b78

  • SHA1

    0cbea13947cf49248bbca6946b29219fbb6291dc

  • SHA256

    7393a20dacd93179d8ec1821ee63d33c091d5d63c1f40e58171c680b24adbaaa

  • SHA512

    c7dd615c82b1f20be41dce50d853438c89b62798d70b3ff0d84ccdbd9b30991ca7c1939a9abb242c66f55d2a24f3aaf2337c2a3aed2e8fc125ce53020f693091

Score
9/10
discoverylinux

Malware Config

Targets

    • Target

      7393a20dacd93179d8ec1821ee63d33c091d5d63c1f40e58171c680b24adbaaa

    • Size

      119KB

    • MD5

      cb61d5eaaf7084b0961c86467cfc5b78

    • SHA1

      0cbea13947cf49248bbca6946b29219fbb6291dc

    • SHA256

      7393a20dacd93179d8ec1821ee63d33c091d5d63c1f40e58171c680b24adbaaa

    • SHA512

      c7dd615c82b1f20be41dce50d853438c89b62798d70b3ff0d84ccdbd9b30991ca7c1939a9abb242c66f55d2a24f3aaf2337c2a3aed2e8fc125ce53020f693091

    Score
    9/10
    discovery

    • Contacts a large (87312) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies the Watchdog daemon

      Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

Network Service Scanning

2
T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks