Overview

overview

10

Static

static

10

b55a70cb51...ccc487

ubuntu-18.04-amd64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b55a70cb515cdf66d6be3b99f1ccc487

  • Size

    140KB

  • Sample

    220812-tx3pwsfcgp

  • MD5

    b55a70cb515cdf66d6be3b99f1ccc487

  • SHA1

    e4bcd73dc52c1fa051bff90698de325612371475

  • SHA256

    760646bca1fd64fa9808cb6dcc6e01221bde686cc719dcdd05c82b392e7fe247

  • SHA512

    a7e8568f5f8204a8f0d5c0bc0fb33636ebd6de44de78b5c456ad29019880eae750b1c7a57e6a7ab7ee6a2b2d1a800c883dcdcb3b5765ba57c2affd0eaae0824b

Score
10/10
gafgytmiraidiscoverylinux

Malware Config

Targets

    • Target

      b55a70cb515cdf66d6be3b99f1ccc487

    • Size

      140KB

    • MD5

      b55a70cb515cdf66d6be3b99f1ccc487

    • SHA1

      e4bcd73dc52c1fa051bff90698de325612371475

    • SHA256

      760646bca1fd64fa9808cb6dcc6e01221bde686cc719dcdd05c82b392e7fe247

    • SHA512

      a7e8568f5f8204a8f0d5c0bc0fb33636ebd6de44de78b5c456ad29019880eae750b1c7a57e6a7ab7ee6a2b2d1a800c883dcdcb3b5765ba57c2affd0eaae0824b

    Score
    9/10
    discovery

    • Contacts a large (69085) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies the Watchdog daemon

      Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks