Analysis
- max time kernel: 14372s
- max time network: 153s
- platform: linux_mipsel
- resource: debian9-mipsel-en-20211208
- submitted: 24-05-2022 01:25
Static task: static1
Behavioral task: behavioral1
Sample: fd81d8a0be2c12f5850617967249d2146dff59435168b2887e99909f271f5081
Resource: debian9-mipsel-en-20211208
General
- Target: fd81d8a0be2c12f5850617967249d2146dff59435168b2887e99909f271f5081
- Size: 89KB
- MD5: 623a8f1abb5800afe3e1a9d86c426805
- SHA1: f54f7c85c26b92a6e1e09bce5e393f368154bb09
- SHA256: fd81d8a0be2c12f5850617967249d2146dff59435168b2887e99909f271f5081
- SHA512: c4b70c0417cc88da9f7aad73fece297d9358ef56a91e63f057722f9de69368c1efc9fb6b18364c9f97f4b762d67d6ea1c65c82c8f7d6c6156d363e2951f56020
Malware Config
Signatures
- Contacts a large (20390) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information (23 IoCs)
  Reads data from /proc virtual filesystem.