Analysis
max time kernel: 14177s
max time network: 159s
platform: linux_armhf
resource: debian9-armhf-en-20211208
submitted: 21-05-2022 18:59
Static task: static1
Behavioral task: behavioral1
Sample: 8550e96dd843997d2625c2fa51660266bf454d85653e0085b3bb1f0c923b0900
Resource: debian9-armhf-en-20211208
General
Target: 8550e96dd843997d2625c2fa51660266bf454d85653e0085b3bb1f0c923b0900
Size: 52KB
MD5: 080baf91f10af767f7c8fcb70a30a90b
SHA1: bc03b9f9757454a3b985cb27716847ce9bd84332
SHA256: 8550e96dd843997d2625c2fa51660266bf454d85653e0085b3bb1f0c923b0900
SHA512: 23db1efdbf47a781229a957f1f7b5d76e733b6cdea10a7769eff2c94d6ab3ebd889903c25988ea907e740dfe91e75bc339d59f75ac558aceb8bfc2a7c06fd163
Malware Config
Signatures
Contacts a large (18867) amount of remote hosts (1 TTP)
This may indicate a network scan to discover remotely running services.
Creates a large amount of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.
Modifies the Watchdog daemon (1 TTP)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Writes file to system bin folder (1 TTP, 2 IoCs)
Enumerates active TCP sockets (1 TTP, 1 IoC)
Gets active TCP sockets from /proc virtual filesystem.
Writes file to user bin folder (1 TTP, 2 IoCs)
Processes:
description: /usr/bin/apt-get, ioc: /usr/bin/apt-get
description: /usr/bin/apt-config, ioc: /usr/bin/apt-config
Reads system network configuration (1 TTP, 1 IoC)
Uses contents of /proc filesystem to enumerate network settings.
Reads runtime system information (43 IoCs)
Reads data from /proc virtual filesystem.
Processes: