Analysis
-
max time kernel
14176s -
max time network
153s -
platform
linux_mips -
resource
debian9-mipsbe-en-20211208 -
submitted
21-05-2022 19:02
General
-
Target
a3a0ca1807dc2ae6cf437b60700e59e3bc72c8bf40fddc771fb6a9d76bc04109
-
Size
38KB
-
MD5
47bc35db5ed75f0c70a45d97b6291717
-
SHA1
081d0d221f4a2af4f1efd0a51af6ff353c629805
-
SHA256
a3a0ca1807dc2ae6cf437b60700e59e3bc72c8bf40fddc771fb6a9d76bc04109
-
SHA512
70f76a1455bcb3c1fc82467e6f8a30389d97bb6fc1416c97bcdbaf5ec2e363640b72b5f9008ab6a98e407d4dfdc3d8bcc809a4f353d37718361aebc0fd73bcf0
Score
9/10
Malware Config
Signatures
-
Contacts a large (112297) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder 1 TTPs 1 IoCs
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 3 IoCs
Reads data from /proc virtual filesystem.
Processes
-
./a3a0ca1807dc2ae6cf437b60700e59e3bc72c8bf40fddc771fb6a9d76bc04109./a3a0ca1807dc2ae6cf437b60700e59e3bc72c8bf40fddc771fb6a9d76bc041091⤵
- Reads runtime system information