Overview

overview

9

Static

static

a3a0ca1807...c04109

linux_mips

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a3a0ca1807dc2ae6cf437b60700e59e3bc72c8bf40fddc771fb6a9d76bc04109

  • Size

    38KB

  • Sample

    220521-xp4trsfefq

  • MD5

    47bc35db5ed75f0c70a45d97b6291717

  • SHA1

    081d0d221f4a2af4f1efd0a51af6ff353c629805

  • SHA256

    a3a0ca1807dc2ae6cf437b60700e59e3bc72c8bf40fddc771fb6a9d76bc04109

  • SHA512

    70f76a1455bcb3c1fc82467e6f8a30389d97bb6fc1416c97bcdbaf5ec2e363640b72b5f9008ab6a98e407d4dfdc3d8bcc809a4f353d37718361aebc0fd73bcf0

Score
9/10
discoverylinux

Malware Config

Targets

    • Target

      a3a0ca1807dc2ae6cf437b60700e59e3bc72c8bf40fddc771fb6a9d76bc04109

    • Size

      38KB

    • MD5

      47bc35db5ed75f0c70a45d97b6291717

    • SHA1

      081d0d221f4a2af4f1efd0a51af6ff353c629805

    • SHA256

      a3a0ca1807dc2ae6cf437b60700e59e3bc72c8bf40fddc771fb6a9d76bc04109

    • SHA512

      70f76a1455bcb3c1fc82467e6f8a30389d97bb6fc1416c97bcdbaf5ec2e363640b72b5f9008ab6a98e407d4dfdc3d8bcc809a4f353d37718361aebc0fd73bcf0

    Score
    9/10
    discovery

    • Contacts a large (112297) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies the Watchdog daemon

      Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

1
T1574

Privilege Escalation

Hijack Execution Flow

1
T1574

Defense Evasion

Impair Defenses

1
T1562

Hijack Execution Flow

1
T1574

Credential Access

Discovery

Network Service Scanning

2
T1046

System Network Connections Discovery

1
T1049

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks