General

  • Target

    df35dadcab546a92a801e8786fbe8846.elf

  • Size

    147KB

  • Sample

    221008-hvyglsedfr

  • MD5

    df35dadcab546a92a801e8786fbe8846

  • SHA1

    a588af835ea0c2687c72f4e61061b04c8db64151

  • SHA256

    900ee79db09ef300d631fec7bb0f86bd8021480fc6eacf1c8ce327fb83ad9710

  • SHA512

    a46e42e965ba985c2f2bfaad1b41ff6b06c8a1a873add851f9658a89336ee361ec3ae59a99a7d9251a18eb1110ae602fd6f301da1eb5aa504cc1538915531ac8

  • SSDEEP

    3072:4JRlOayD9KekJfxtL9jgS3OLuSnM/9wS7xkmAwsH+LCWd:4JrOayD9KrJD9jgOOLuOM/9w2xkmAwsi

Score
10/10

Targets

    • Target

      df35dadcab546a92a801e8786fbe8846.elf

    Score
    9/10
    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from the /proc virtual filesystem.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Reads system network configuration

      Uses the contents of the /proc filesystem to enumerate network settings.
