Analysis

  • max time kernel: 14177s
  • max time network: 159s
  • platform: linux_armhf
  • resource: debian9-armhf-en-20211208
  • submitted: 21-05-2022 18:59

General

  • Target: 398af8e17fbff66a18952c72ccd29016aaae5a5589c63417be9a3303fb712a15
  • Size: 53KB
  • MD5: 111152d457d2be72cd39d50f1afc33b0
  • SHA1: b094ba97375436d9887bbac6a4cd47b959950f8a
  • SHA256: 398af8e17fbff66a18952c72ccd29016aaae5a5589c63417be9a3303fb712a15
  • SHA512: e1224f55a0853583a68de62d3d23cb8fbb132ddad6410b133ea87665a7cb071b9cd786852ec496d70247b6a4f55e198b3b7fb9b422c7453d8880408762d551dc

Score
9/10

Malware Config

Signatures

  • Contacts a large number (87840) of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Creates a large number of network flows (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Modifies the watchdog daemon (1 TTP)

    Malware such as Mirai modifies the watchdog to prevent it from restarting an infected system.

  • Writes file to system bin folder (1 TTP, 2 IoCs)
  • Reads runtime system information (27 IoCs)

    Reads data from /proc virtual filesystem.

Processes

  • ./398af8e17fbff66a18952c72ccd29016aaae5a5589c63417be9a3303fb712a15 (PID 353)
    Command line: ./398af8e17fbff66a18952c72ccd29016aaae5a5589c63417be9a3303fb712a15
    • Reads runtime system information

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Hijack Execution Flow (T1574), 1
  • Privilege Escalation: Hijack Execution Flow (T1574), 1
  • Defense Evasion: Impair Defenses (T1562), 1; Hijack Execution Flow (T1574), 1
  • Discovery: Network Service Scanning (T1046), 2
