Analysis
max time kernel: 14178s
max time network: 159s
platform: linux_armhf
resource: debian9-armhf-en-20211208
submitted: 21-05-2022 19:04
Static task: static1
Behavioral task: behavioral1
Sample: b2dfce90a8bc90275ffeaad5f01eb9940d492386d9fff13846058d9b94b06b98
Resource: debian9-armhf-en-20211208
General
Target: b2dfce90a8bc90275ffeaad5f01eb9940d492386d9fff13846058d9b94b06b98
Size: 141KB
MD5: 319890498d82b72cd35dd91989e5d24b
SHA1: d72d8ea187e53d3a478a21392d4126044d95e45d
SHA256: b2dfce90a8bc90275ffeaad5f01eb9940d492386d9fff13846058d9b94b06b98
SHA512: 98f401339f2fe459b2fcb9fdd4dbd92998b726cf686a8f40d539c96f917dfe3c9d1860ec23050796deed94af39d55d11bd3e428a217fc88a65b05e6be9dd584d
Malware Config
Signatures
- Contacts a large (18867) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
- Writes file to system bin folder (1 TTPs, 2 IoCs)
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from /proc virtual filesystem.
- Write file to user bin folder (1 TTPs, 2 IoCs)
  Processes:
    description          ioc
    /usr/bin/apt-config  /usr/bin/apt-config
    /usr/bin/apt-get     /usr/bin/apt-get
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information (42 IoCs)
  Reads data from /proc virtual filesystem.
  Processes: