Analysis
max time kernel: 15156s
max time network: 159s
platform: linux_armhf
resource: debian9-armhf-en-20211208
submitted: 02/06/2022, 02:56
Behavioral task: behavioral1
Sample: UnHAnaAW.arm7
Resource: debian9-armhf-en-20211208
General
Target: UnHAnaAW.arm7
Size: 143KB
MD5: d10bd59fd76ed21855a25745fdc0ab22
SHA1: 391a86d835d5a01f8721dab08558a2fe1f28631c
SHA256: 9e72648012c19756e40f4eb6fcf181b698d7450c91ac4389d13fa6749466c26e
SHA512: be5e64d839005537c0e0dcd4236ad396c35b74c73009d2d8174dd4dde514e33646141749e4106aeda0e9227f844a0ae5dc1340afaefb0e56fae5abca9e2efa1a
Malware Config
Signatures

Contacts a large (173272) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies the Watchdog daemon (1 TTPs)
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Writes file to system bin folder (1 TTPs, 1 IoCs)
description    ioc
/sbin/agetty    /sbin/agetty

Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from /proc virtual filesystem.
description    ioc
/proc/net/tcp    /proc/net/tcp

Write file to user bin folder (1 TTPs, 2 IoCs)
description    ioc
/usr/bin/apt-config    /usr/bin/apt-config
/usr/bin/apt-get    /usr/bin/apt-get

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
description    ioc
/proc/net/tcp    /proc/net/tcp

Reads runtime system information (12 IoCs)
Reads data from /proc virtual filesystem.
description    ioc
/proc/362/exe    /proc/362/exe
/proc/434/exe    /proc/434/exe
/proc/438/exe    /proc/438/exe
/proc/442/exe    /proc/442/exe
/proc/416/exe    /proc/416/exe
/proc/418/exe    /proc/418/exe
/proc/436/exe    /proc/436/exe
/proc/356/exe    /proc/356/exe
/proc/    /proc/
/proc/412/exe    /proc/412/exe
/proc/413/exe    /proc/413/exe
/proc/415/exe    /proc/415/exe