General
Target: apep.arm7
Size: 140KB
Sample: 220708-lvgqmsdef2
MD5: a79d2f01be07528423fdda44a0628091
SHA1: de717493dc9a68befd39a677edc160f7e3f76f00
SHA256: ab00425d3c2a110179a10b747dc69f7314fdcff9dcbabbd04653bd17908403b5
SHA512: 7571ab233e4ad7d3980b30c394124bd03eef6301bca8c772a9a8e80509b6f8eb194d2bbca51a953631ae6af1a0582abfe55d01b9efc8b0cf505a864cd9bc9a2d
Static task: static1
Behavioral task: behavioral1
Sample: apep.arm7
Resource: debian9-armhf-en-20211208
Malware Config
Targets
Target: apep.arm7
Score: 9/10

Contacts a large (88857) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.

Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.

Reads runtime system information
Reads data from /proc virtual filesystem.