586a8b333dd15ac7249d626400d12ada7b0838a3c5213268c5495af76e6e850d

Analysis

max time kernel
24579s
max time network
153s
platform
linux_mipsel
resource
debian9-mipsel-en-20211208
resource tags

arch:mipselimage:debian9-mipsel-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
19/09/2022, 04:50

Target

ae7e7ed26b305f1a064855598adb3cbb.elf
Size

109KB
MD5

ae7e7ed26b305f1a064855598adb3cbb
SHA1

3465dd1dc03d6614adb0dbce94b8c99bfa5ad3e9
SHA256

586a8b333dd15ac7249d626400d12ada7b0838a3c5213268c5495af76e6e850d
SHA512

aa0ec5b0d986f6d7fd3202cb00937756e0c44cf999bcfa7066d7d5a79fcaf707f5ae741e81239a34b6c7b6cfb0ae8ad71988a1e60a58d3c1dea8cd8d3c0cfde6
SSDEEP

1536:8hQSdXAezAirIbsU62W7Aw4+TUJD4eOsQr4bDrvJvFcEl9:ZQXjzAirIbTqAw4gptE

Score

9^/10

discovery

Contacts a large (106274) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc
/proc/	/proc/

/tmp/ae7e7ed26b305f1a064855598adb3cbb.elf
/tmp/ae7e7ed26b305f1a064855598adb3cbb.elf
1⤵
PID:322

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact