Analysis
-
max time kernel
14176s -
max time network
166s -
platform
linux_mips -
resource
debian9-mipsbe-en-20211208 -
submitted
21-05-2022 19:04
Static task
static1
Behavioral task
behavioral1
Sample
038b0610a27b8e34d313fc666ac07cb0f0b342ea1025ffdaf8c6697dddde0380
Resource
debian9-mipsbe-en-20211208
General
-
Target
038b0610a27b8e34d313fc666ac07cb0f0b342ea1025ffdaf8c6697dddde0380
-
Size
30KB
-
MD5
5d5abd94f970f6a72658d087baa9701d
-
SHA1
fb691c535d1d120cc4ce0867374fb3c846c2c0ad
-
SHA256
038b0610a27b8e34d313fc666ac07cb0f0b342ea1025ffdaf8c6697dddde0380
-
SHA512
49faaf5a8320155e0e1509466d8064c917aa7ed7ac26807635bf88200ccd61cd1c397e3afea15f9f296e0fb8a83e28f701d7e12678866b1dcdc9f7e5e9b11291
Malware Config
Signatures
-
Contacts a large (18207) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 14 IoCs
Reads data from /proc virtual filesystem.
Processes:
description ioc /proc/1/fd /proc/1/fd /proc/252/fd /proc/252/fd /proc/328/exe /proc/328/exe /proc/ /proc/ /proc/222/fd /proc/222/fd /proc/255/fd /proc/255/fd /proc/155/fd /proc/155/fd /proc/225/fd /proc/225/fd /proc/226/fd /proc/226/fd /proc/142/fd /proc/142/fd /proc/207/fd /proc/207/fd /proc/224/fd /proc/224/fd /proc/251/fd /proc/251/fd /proc/325/exe /proc/325/exe