General
-
Target
147b877d92cb69a4f47a6d6c9e4481db
-
Size
135KB
-
Sample
220805-ylyn1sgfe2
-
MD5
147b877d92cb69a4f47a6d6c9e4481db
-
SHA1
c37890898f0faef6f92fe1cd2506bf11be2fcf75
-
SHA256
323eb2ac9034ac59a744a4743f3de35307a4a05a24af0cf75b89bf17ff8d0d6d
-
SHA512
9087a3a2045affe99a5346185b864e933e39164288c15b885f567355f2b009dd93d2a71fa6c55264878582c9c68ee65cd0a43ecc1fec44ef24ca7ca8f28decf6
Behavioral task
behavioral1
Sample
147b877d92cb69a4f47a6d6c9e4481db
Resource
debian9-armhf-en-20211208
Malware Config
Targets
Score
9/10
-
Contacts a large (37205) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Write file to user bin folder
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-