Analysis
max time kernel: 14180s
max time network: 161s
platform: linux_armhf
resource: debian9-armhf-en-20211208
submitted: 21-05-2022 19:51
Behavioral task: behavioral1
Sample: Anti.arm7
Resource: debian9-armhf-en-20211208
General
Target: Anti.arm7
Size: 153KB
MD5: b8bef1adbc1a1dbd7c2ae953f1f0557d
SHA1: 4348ec75a867929b12cccf296d81bceb1163329d
SHA256: 7b3ab06dfe315c9328cd4a32e1c0b39e735f662fa06ecc7e9ca9471a4aad40a1
SHA512: 9d9302b402b7552177b47d4c396b58c1e7a9a71a2600b019309320058a850e6f9ce2e3fcae0d99bcbcc3429be74076107f9601df52074e3360a5f9477d43a825
Malware Config
Signatures
Contacts a large (193401) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies the Watchdog daemon (1 TTPs)
Malware like Mirai modify the Watchdog to prevent it from restarting an infected system.

Writes file to system bin folder (1 TTPs, 2 IoCs)

Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from /proc virtual filesystem.

Unexpected DNS network traffic destination (1 IoCs)
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Processes:
  description       ioc
  Destination IP    50.7.239.226

Write file to user bin folder (1 TTPs, 2 IoCs)
Processes:
  description           ioc
  /usr/bin/apt-config   /usr/bin/apt-config
  /usr/bin/apt-get      /usr/bin/apt-get
Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.

Reads runtime system information (24 IoCs)
Reads data from /proc virtual filesystem.