Analysis
max time kernel: 14411s
max time network: 153s
platform: linux_mips
resource: debian9-mipsbe-en-20211208
submitted: 24-05-2022 12:19
Static task: static1
Behavioral task: behavioral1
Sample: b04c2c2e768f2036a49291a24a85d487
Resource: debian9-mipsbe-en-20211208
General
Target: b04c2c2e768f2036a49291a24a85d487
Size: 97KB
MD5: b04c2c2e768f2036a49291a24a85d487
SHA1: 41a3faa49a8e9106279c8e3575868208c619057c
SHA256: 04315a61a09947ceceb167f5740666300225007375c150a9f828f57fce370901
SHA512: 94fd48fa8a27c08afcdc5dadb136989b040a69166649400a28d8c576b5a6848b15f22d23754f7757c14b64d978a7bf9a2b3d0855819fd06cb5f7ad64d2dd0e05
Malware Config
Signatures
- Contacts a large (20596) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information (23 IoCs)
  Reads data from /proc virtual filesystem.
Processes:
description      ioc
/proc/281/fd     /proc/281/fd
/proc/290/fd     /proc/290/fd
/proc/1/fd       /proc/1/fd
/proc/204/fd     /proc/204/fd
/proc/216/fd     /proc/216/fd
/proc/217/fd     /proc/217/fd
/proc/243/fd     /proc/243/fd
/proc/280/fd     /proc/280/fd
/proc/291/fd     /proc/291/fd
/proc/323/fd     /proc/323/fd
/proc/           /proc/
/proc/155/fd     /proc/155/fd
/proc/242/fd     /proc/242/fd
/proc/212/fd     /proc/212/fd
/proc/214/fd     /proc/214/fd
/proc/321/fd     /proc/321/fd
/proc/326/fd     /proc/326/fd
/proc/328/fd     /proc/328/fd
/proc/138/fd     /proc/138/fd
/proc/249/fd     /proc/249/fd
/proc/273/fd     /proc/273/fd
/proc/324/fd     /proc/324/fd
/proc/321/exe    /proc/321/exe