Analysis
-
max time kernel
14176s -
max time network
153s -
platform
linux_mips -
resource
debian9-mipsbe-en-20211208 -
submitted
21-05-2022 19:01
General
-
Target
de073fc0db5b66cb020609be0f15e332e69450c07404b4f5a72a4befed8b8453
-
Size
87KB
-
MD5
530c13e5b48b598d9a9194e8d86f403f
-
SHA1
903786914dedeb06b8d470c07a51833e342b8e4b
-
SHA256
de073fc0db5b66cb020609be0f15e332e69450c07404b4f5a72a4befed8b8453
-
SHA512
b3530d88474ce22d96bbdde90086157d09cd215831af32a0c7a6b60ff05ce281cbf797142182f1c083f32121be7cae0659eee950cca77861f4b51f511cc2ea72
Score
9/10
Malware Config
Signatures
-
Contacts a large (20207) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 14 IoCs
Reads data from /proc virtual filesystem.
Processes
-
./de073fc0db5b66cb020609be0f15e332e69450c07404b4f5a72a4befed8b8453./de073fc0db5b66cb020609be0f15e332e69450c07404b4f5a72a4befed8b84531⤵