Analysis
- max time kernel: 14176s
- max time network: 153s
- platform: linux_mips
- resource: debian9-mipsbe-en-20211208
- submitted: 21-05-2022 19:01

Static task: static1

Behavioral task: behavioral1
- Sample: de073fc0db5b66cb020609be0f15e332e69450c07404b4f5a72a4befed8b8453
- Resource: debian9-mipsbe-en-20211208

General
- Target: de073fc0db5b66cb020609be0f15e332e69450c07404b4f5a72a4befed8b8453
- Size: 87KB
- MD5: 530c13e5b48b598d9a9194e8d86f403f
- SHA1: 903786914dedeb06b8d470c07a51833e342b8e4b
- SHA256: de073fc0db5b66cb020609be0f15e332e69450c07404b4f5a72a4befed8b8453
- SHA512: b3530d88474ce22d96bbdde90086157d09cd215831af32a0c7a6b60ff05ce281cbf797142182f1c083f32121be7cae0659eee950cca77861f4b51f511cc2ea72
Malware Config
Signatures
- Contacts a large (20207) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information (14 IoCs)
  Reads data from /proc virtual filesystem.
  Processes:
  description      ioc
  /proc/156/fd     /proc/156/fd
  /proc/216/fd     /proc/216/fd
  /proc/227/fd     /proc/227/fd
  /proc/234/fd     /proc/234/fd
  /proc/260/fd     /proc/260/fd
  /proc/1/fd       /proc/1/fd
  /proc/336/exe    /proc/336/exe
  /proc/           /proc/
  /proc/224/fd     /proc/224/fd
  /proc/253/fd     /proc/253/fd
  /proc/254/fd     /proc/254/fd
  /proc/333/exe    /proc/333/exe
  /proc/139/fd     /proc/139/fd
  /proc/225/fd     /proc/225/fd