Analysis
max time kernel: 14177s
max time network: 159s
platform: linux_armhf
resource: debian9-armhf-en-20211208
submitted: 21-05-2022 18:59
Static task: static1
Behavioral task: behavioral1
Sample: 398af8e17fbff66a18952c72ccd29016aaae5a5589c63417be9a3303fb712a15
Resource: debian9-armhf-en-20211208
General
Target: 398af8e17fbff66a18952c72ccd29016aaae5a5589c63417be9a3303fb712a15
Size: 53KB
MD5: 111152d457d2be72cd39d50f1afc33b0
SHA1: b094ba97375436d9887bbac6a4cd47b959950f8a
SHA256: 398af8e17fbff66a18952c72ccd29016aaae5a5589c63417be9a3303fb712a15
SHA512: e1224f55a0853583a68de62d3d23cb8fbb132ddad6410b133ea87665a7cb071b9cd786852ec496d70247b6a4f55e198b3b7fb9b422c7453d8880408762d551dc
Malware Config
Signatures
- Contacts a large (87840) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder (1 TTPs, 2 IoCs)
  Processes:
  description       ioc
  /sbin/watchdog    /sbin/watchdog
  /bin/watchdog     /bin/watchdog
- Reads runtime system information (27 IoCs)
  Reads data from /proc virtual filesystem.