General

  • Target

    ak.arm7-20220924-0648.elf

  • Size

    63KB

  • Sample

    220924-hlb71safg2

  • MD5

    64fbb0d0b7030f5e8e6d12e3699f44dc

  • SHA1

    e621f1144bd7a5e53873a0872ac2a9adc4c959fb

  • SHA256

    46e56f34f131671c4c2bf5fad0446f6e57eace2a038f08078e073c79536107c4

  • SHA512

    c311080224ff6453cea79e2ba3e3995cc74ebf0451a791a22f7a4c5de73cbee1c820805b550e108b9871cd141aca253f9dc17e0fb140c2528d75d934b78673f2

  • SSDEEP

    1536:TkOL14JpVGYrErIX1Wy55cVKNKG5eALK8BkBXIiSpv3:jKz/riIDSALbk9Il3

Score
9/10

Targets

    • Contacts a large number (43189) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies the Watchdog daemon

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
