General

  • Target

    downloads.tgz.2

  • Size

    82KB

  • Sample

    221018-c1kj2sebb4

  • MD5

    27d869fb9fbc69aa67e8164bb1bc704a

  • SHA1

    29eead9d12b1c7b3b192ccb7cfe06c74dea1942d

  • SHA256

    1b5d46e827ac989be8cb2f99aa8ce3724a8f0d37cee9ff044abe66d74e0b884a

  • SHA512

    3158f47e63b1c361cf4b1740c40a49a15b0f3b94a37fa787649ba2e34626f7ba7be6e7443ada90ec1d22e0b07e217082f40ad460a60d0b7132e29ac16bc85fb4

  • SSDEEP

    1536:WnvOpc4kDQfVMGAXSEYQjbChaAUmyU23M51DjZMSQAvcYIILi1DrASzZh:WnLDQtbAXFYQChaAU05ljPQsII+R3z

Score
9/10

Malware Config

Targets

    • Target

      data/cowrie/downloads/0db4f8ea9c2fd15a3fa176534bacb8507660f7d0944fa1f11e889410e6585337

    • Size

      1KB

    • MD5

      1c41d5d08b659b251ca221cf36426cc1

    • SHA1

      8253adb5729ccae6afb3c1fcb1e19a1a4287a907

    • SHA256

      0db4f8ea9c2fd15a3fa176534bacb8507660f7d0944fa1f11e889410e6585337

    • SHA512

      586f97f550521346a36eb18caad20f37a11883939435fa061c9178f3437f9f5fc517048631cbb45dc89f0a44c22390cf19ba4a4b7dd23a3769851295b4ac051b

    Score
    1/10
    • Target

      data/cowrie/downloads/394a862032b8d27a1dce87dfbadb814c9d2c1a26d067d4ea4ed6541c342a836a

    • Size

      9B

    • MD5

      850eb40eb5fe5b791edbf21e7fffca63

    • SHA1

      9b232e5e7478c280547c91e8d2ee5d6db116e8e8

    • SHA256

      394a862032b8d27a1dce87dfbadb814c9d2c1a26d067d4ea4ed6541c342a836a

    • SHA512

      19a929d4f3a9d5de60848767caa63b86fae19af8917f2f0c85422bd44d60b8947ae86fa59028bd81472961fc8e17a10595117dbe650f953e5d965bb4edaa0fda

    Score
    1/10
    • Target

      data/cowrie/downloads/a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3

    • Size

      78KB

    • MD5

      9b6c3518a91d23ed77504b5416bfb5b3

    • SHA1

      0a2d170abbf5031566377b01431e3b82d342630a

    • SHA256

      a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3

    • SHA512

      b2b08d5d5e6c6708d88b793e9340a780d47b5dce61e0a3026b4cdea8a9e4cbf9824037255e4ea4a40fee5bce956485232376d4677ce72ccb6c7f00badd09956e

    • SSDEEP

      1536:87vbq1lGAXSEYQjbChaAU2yU23M51DjZgSQAvcYkFtZTjzBht5:8D+CAXFYQChaAUk5ljnQssL

    Score
    9/10
    • Modifies the Watchdog daemon

      Malware such as Mirai modifies the watchdog so that it cannot restart an infected system.

    • Modifies hosts file

      Adds entries to the hosts file, which maps hostnames to IP addresses.

    • Writes DNS configuration

      Writes data to the DNS resolver configuration file.

    • Enumerates active TCP sockets

      Reads active TCP sockets from the /proc virtual filesystem.

    • Reads system routing table

      Reads active network interfaces and routes from the /proc virtual filesystem.

    • Reads system network configuration

      Uses the contents of the /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from the /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    • Target

      data/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2

    • Size

      389B

    • MD5

      a420f7a60a40f3ff3a806a01feb1dfda

    • SHA1

      1ae65132b036de51bcc62f66b51ae362e11182af

    • SHA256

      a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2

    • SHA512

      1ba854c321d89441291da2638d65748ffa06923a63fd2bb9be8a66440236503fb34e375726a8da679b55ced51dda82293ffcfb8bb76563e2da0071222d3247bf

    Score
    1/10
    • Target

      data/cowrie/downloads/b4cbc01ef78d6e36d470d2f6df077b4e4198ac0fdceb9f8087d9a20ed696cec0

    • Size

      4KB

    • MD5

      3b58c112975a154962948ffaf6fb5edc

    • SHA1

      3afa30d34f2a687d475f1f5d2fc760b39b795470

    • SHA256

      b4cbc01ef78d6e36d470d2f6df077b4e4198ac0fdceb9f8087d9a20ed696cec0

    • SHA512

      0d1273f542f3f0502a91b4d6c00e294d602d6fa55806c3022d8cb4ca7246acd315336f35aa693fff0fb9e94da158d44180ea194d9d285c7b2c93436511e836a3

    • SSDEEP

      96:mRYZxQOBpLyxIcymLKY8M991wuIaQPYPW:mRJObLyxIIYMdwuwPYPW

    Score
    1/10
    • Target

      data/cowrie/downloads/dba1abed0c3a0e0e9ae8877d091c6e1ee90373a68cbafc09b907359391dd766c

    • Size

      1KB

    • MD5

      d282aeb196dc438987fa7fee1a0e660f

    • SHA1

      050d2a4da69b9660a3a080292a08ee2db4f94eb3

    • SHA256

      dba1abed0c3a0e0e9ae8877d091c6e1ee90373a68cbafc09b907359391dd766c

    • SHA512

      45fe0bd9a44b8ee979bf03e8557452c3b1026975809ccf13e0b334a31c0b8daef0628464952c4cc78537e08c5d4be96845ae3e700259200b81a0b8177c56d7fb

    Score
    5/10
    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    • Target

      data/cowrie/downloads/fd5657061af78d879e64d780e5fada398258bc0f700068927e6e1fa992f58ae9

    • Size

      1KB

    • MD5

      a629b120ac58761ba9dc17d98bdd7308

    • SHA1

      717dc325ea7c8020904a8cb79dbe2672057884b5

    • SHA256

      fd5657061af78d879e64d780e5fada398258bc0f700068927e6e1fa992f58ae9

    • SHA512

      34be4ea3750a9255d2c4a471d2608824863af5b1f8d09d3d16c5c892c69229aed9523855f32c44fe4082ca276ec5cdf12631de54de0d7208a88f6dbe18774dc3

    Score
    9/10
    • Writes file to system bin folder

    • Reads runtime system information

      Reads data from the /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    • Target

      data/cowrie/downloads/ff6f81930943c96a37d7741cd547ad90295a9bd63b6194b2a834a1d32bc8f85d

    • Size

      4B

    • MD5

      9492fe88f263d58e0b686885e8c98c0e

    • SHA1

      9e1d29046714971b45d2f60900163fb15070d37b

    • SHA256

      ff6f81930943c96a37d7741cd547ad90295a9bd63b6194b2a834a1d32bc8f85d

    • SHA512

      fd9e366105d5d05da689655cb8d084a662e5c5e28b214dece7e011096f5a9ff996b3b812c667e824fcb92c83406832270e4b0d206e41213150d128ddcae82c10

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 | Technique                                 | Count | ID
  -----------------------|-------------------------------------------|-------|------
  Persistence            | Hijack Execution Flow                     | 1     | T1574
  Privilege Escalation   | Hijack Execution Flow                     | 1     | T1574
  Defense Evasion        | Impair Defenses                           | 1     | T1562
  Defense Evasion        | Hijack Execution Flow                     | 1     | T1574
  Discovery              | System Network Connections Discovery      | 1     | T1049
  Discovery              | System Network Configuration Discovery    | 2     | T1016
  Command and Control    | Dynamic Resolution                        | 1     | T1568
