Analysis
-
max time kernel
14179s -
max time network
158s -
platform
linux_armhf -
resource
debian9-armhf-en-20211208 -
submitted
21-05-2022 19:04
General
-
Target
2c1ced87bdfe47991f6457e382ca2642f968d71eb5086424a11d41661ad6a551
-
Size
116KB
-
MD5
576bf85eb2b09c1525482eed251add2d
-
SHA1
9c403fe42671bb29ea6d970a2e80ea98360b8dc1
-
SHA256
2c1ced87bdfe47991f6457e382ca2642f968d71eb5086424a11d41661ad6a551
-
SHA512
bf289aa0a97345be8cbcaed8df0f7a6476b8bcf7a0e65431f440208f4652fc00533cfe6abffd5aaacf91abb3f9938bb3d32a6f96f7bba4c1efad4b67e199f6e1
Score
9/10
Malware Config
Signatures
-
Contacts a large (52035) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder 1 TTPs 2 IoCs
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 22 IoCs
Reads data from /proc virtual filesystem.
Processes
-
./2c1ced87bdfe47991f6457e382ca2642f968d71eb5086424a11d41661ad6a551./2c1ced87bdfe47991f6457e382ca2642f968d71eb5086424a11d41661ad6a5511⤵