Analysis
-
max time kernel
14177s -
max time network
159s -
platform
linux_armhf -
resource
debian9-armhf-en-20211208 -
submitted
21-05-2022 18:59
General
-
Target
8550e96dd843997d2625c2fa51660266bf454d85653e0085b3bb1f0c923b0900
-
Size
52KB
-
MD5
080baf91f10af767f7c8fcb70a30a90b
-
SHA1
bc03b9f9757454a3b985cb27716847ce9bd84332
-
SHA256
8550e96dd843997d2625c2fa51660266bf454d85653e0085b3bb1f0c923b0900
-
SHA512
23db1efdbf47a781229a957f1f7b5d76e733b6cdea10a7769eff2c94d6ab3ebd889903c25988ea907e740dfe91e75bc339d59f75ac558aceb8bfc2a7c06fd163
Score
9/10
Malware Config
Signatures
-
Contacts a large (18867) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder 1 TTPs 2 IoCs
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Write file to user bin folder 1 TTPs 2 IoCs
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 43 IoCs
Reads data from /proc virtual filesystem.
Processes
-
./8550e96dd843997d2625c2fa51660266bf454d85653e0085b3bb1f0c923b0900./8550e96dd843997d2625c2fa51660266bf454d85653e0085b3bb1f0c923b09001⤵
- Reads runtime system information