General
-
Target
920fa5d461785b824315a895075a13ca140445aa2ee3b3862d46f83934d5325e
-
Size
118KB
-
Sample
220521-p5ntgsgff2
-
MD5
0fe8bbf7e2964efc63bb5234a0d7c395
-
SHA1
85cc32347e7f39d45f919970fa6b8f31ffdcd9ac
-
SHA256
920fa5d461785b824315a895075a13ca140445aa2ee3b3862d46f83934d5325e
-
SHA512
8d8706b7f1aae10bf92e0bbeb7a1ee3e870e1e1eab7d64322e51ab1ea1ede3d29a29be4ebc60515cbbe598e8d9f4ba46259cd29af57ca06624ea5965ff67cb89
Static task
static1
Behavioral task
behavioral1
Sample
920fa5d461785b824315a895075a13ca140445aa2ee3b3862d46f83934d5325e
Resource
debian9-mipsbe-en-20211208
Malware Config
Targets
Target
920fa5d461785b824315a895075a13ca140445aa2ee3b3862d46f83934d5325e
Score
9/10
-
Contacts a large (61182) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Writes file to system bin folder
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-