Analysis
- max time kernel: 0s
- max time network: 152s
- platform: linux_mipsel
- resource: debian9-mipsel-en-20211208
- resource tags: arch:mipsel, image:debian9-mipsel-en-20211208, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 31/10/2022, 22:52
Behavioral task: behavioral1
- Sample: d0d99b6593cde583a085314ac26a1698.elf
- Resource: debian9-mipsel-en-20211208
General
- Target: d0d99b6593cde583a085314ac26a1698.elf
- Size: 90KB
- MD5: d0d99b6593cde583a085314ac26a1698
- SHA1: 8d2ece2dbba37e187c3b0c4984b4e2857fc78162
- SHA256: e318fb3342b5b1b3f5d807713a3a6bff424d38392a8f9770619f63535ee750f1
- SHA512: 470ca4cbe16f64e95324f0aaa40001d8254143ef48340e17659d5efb50c20f0be5c16e759f204fe2195e30f919ed8964657364ee6683b60bd2d31f0726f2b8e2
- SSDEEP: 1536:jJoTk7bqTw9kFcZ9JU04ajxvrRpqwNmJIQZDfeankO:Nt7bqTPFeJtpqwNmCQ51
Malware Config
Signatures
- Contacts a large (88149) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder (1 TTPs, 3 IoCs)
  description       ioc               Process
  /sbin/watchdog    /sbin/watchdog    d0d99b6593cde583a085314ac26a1698.elf
  /bin/watchdog     /bin/watchdog     d0d99b6593cde583a085314ac26a1698.elf
  /bin/busybox      /bin/busybox      Process not Found
- Reads runtime system information (1 IoCs)
  Reads data from /proc virtual filesystem.
  description    ioc
  /proc/         /proc/
- Writes file to tmp directory (1 IoCs)
  Malware often drops required files in the /tmp directory.
  description                                                        ioc
  /tmp/systemd-private-ff9443d4e1ba8842fd98691fe910b224ede-Dpf4df    /tmp/systemd-private-ff9443d4e1ba8842fd98691fe910b224ede-Dpf4df