Analysis

max time kernel: 28273s
max time network: 152s
platform: linux_mips
resource: debian9-mipsbe-en-20211208
resource tags: arch:mips, image:debian9-mipsbe-en-20211208, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 31/10/2022, 22:53

Behavioral task: behavioral1
Sample: b9f186e523aa2397036ef8a095b9b764.elf
Resource: debian9-mipsbe-en-20211208

General

Target: b9f186e523aa2397036ef8a095b9b764.elf
Size: 90KB
MD5: b9f186e523aa2397036ef8a095b9b764
SHA1: e86749481288dea5ee6cfed50e989427ad88dbb0
SHA256: 2a930a89bc676f31624dd8aecddd9a70ee4b8529883bea95e528bba90513f3bf
SHA512: fc66caa8bfc3fef7ace21c8a849938ea1020df337b2f91c19b760f21dc86e274cd7fc41ee29de806fc21e0c396d9265f708da5f35316cf4501cf1d2f7f01ea48
SSDEEP: 1536:1gfv0z8Xfb1sKBmeH4Js3HLynRlnmFkrND+ade27fp:8v0zkfvBmeH42y3nmFkrND+abfp
Malware Config
Signatures

Contacts a large number (133856) of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
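Both signatures above are fan-out heuristics: the useful signal is the number of distinct destinations a source reaches in a short window, not the raw flow count, because a busy legitimate client talks to a few peers many times while a scanner talks to many peers once each. The following sliding-window detector is an added example, not part of the sandbox report; the flow records it runs on are constructed (one host sweeping telnet ports 23/2323 in the Mirai style, which is an assumption about this sample, plus one host with ordinary traffic), and the line format is invented for the example.

```python
"""Fan-out heuristic for the "contacts a large number of remote hosts" /
"creates a large number of network flows" signatures.  Added example, not
part of the sandbox report; flow lines are constructed, not from this run."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds
    src: str
    dst: str
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Constructed one-line-per-flow format: '<ts> <src> <dst> <dport> <proto>'."""
    ts, src, dst, dport, proto = line.split()
    return Flow(float(ts), src, dst, int(dport), proto)


def detect_scanners(flows, window=60.0, min_hosts=50):
    """Return {src: (peak distinct destinations in any `window` s, sorted dports)}
    for every source that reached at least `min_hosts` distinct hosts."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    verdicts = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        in_window = Counter()   # dst -> number of flows inside the sliding window
        left, peak, ports = 0, 0, set()
        for f in fl:
            in_window[f.dst] += 1
            ports.add(f.dport)
            while f.ts - fl[left].ts > window:   # drop flows that aged out
                old = fl[left].dst
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_hosts:
            verdicts[src] = (peak, sorted(ports))
    return verdicts


def build_sample_flows():
    """Constructed: one host sweeping 120 addresses on ports 23/2323 within
    24 s, plus one host with ordinary traffic to two peers."""
    lines = []
    for i in range(120):
        dst = f"203.0.113.{i % 254 + 1}"            # TEST-NET-3, constructed
        lines.append(f"{1000 + 0.2 * i:.1f} 10.0.0.5 {dst} {23 if i % 2 == 0 else 2323} tcp")
    lines += [
        "1001.0 10.0.0.7 192.0.2.10 443 tcp",
        "1002.0 10.0.0.7 192.0.2.10 443 tcp",
        "1003.5 10.0.0.7 192.0.2.53 53 udp",
    ]
    return [parse_flow(l) for l in lines]


SAMPLE_FLOWS = build_sample_flows()

if __name__ == "__main__":
    for src, (hosts, ports) in detect_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {hosts} distinct hosts in window, ports {ports}")
```

The thresholds are deliberately parameters: a sandbox that observed 133856 hosts would trip any sane value, but on a production sensor `min_hosts` and `window` must be tuned against the environment's normal fan-out (DNS resolvers and CDN clients are the usual false positives).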

Modifies the Watchdog daemon
Embedded Linux devices run a hardware watchdog that reboots the system if it is not serviced regularly. Mirai-family malware disables or replaces the watchdog so that an infected device is not rebooted out from under it (a reboot would also clear a memory-resident bot). Here the sample wrote to /bin/watchdog and /sbin/watchdog (see the next signature).

Writes file to system bin folder (3 IoCs)
description      ioc              process
/bin/watchdog    /bin/watchdog    b9f186e523aa2397036ef8a095b9b764.elf
/bin/busybox     /bin/busybox     Process not Found
/sbin/watchdog   /sbin/watchdog   b9f186e523aa2397036ef8a095b9b764.elf
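The two signatures above are what a syscall-level detector for watchdog tampering should key on. The report lists the written paths but not the syscalls that fired, so the ioctl part of the following example is an assumption drawn from the public Mirai source (open /dev/watchdog or /dev/misc/watchdog, then ioctl WDIOC_SETOPTIONS with WDIOS_DISABLECARD), not something this report shows. This is an added example, not the sandbox's own logic; the trace lines are constructed in strace style, and the helper names are invented for the example. One caveat it demonstrates: the Linux ioctl number encoding differs on MIPS (3 direction bits at bit 29, 13 size bits) from x86/ARM (2 direction bits at bit 30, 14 size bits), so the constant 0x80045704 that appears in the original Mirai source is not WDIOC_SETOPTIONS on a MIPS kernel, and a detector that only matches the x86 value will miss a port-correct MIPS build.

```python
"""Checks for watchdog tampering and system-binary overwrites in a syscall
trace.  Added example, not part of the sandbox report; the trace lines are
constructed in strace style.  The ioctl path is the technique in the public
Mirai source (not something this report shows); the file paths are the IoCs
listed above."""
import re

WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog"}
SYSTEM_BIN_PATHS = {"/bin/watchdog", "/sbin/watchdog", "/bin/busybox"}


def ioc(direction: int, typ: str, nr: int, size: int, mips: bool = False) -> int:
    """Linux _IOC() number layout.  Generic: 2 direction bits at bit 30, 14 size
    bits.  MIPS: 3 direction bits at bit 29, 13 size bits.  READ is 2 in both."""
    size_bits, dir_shift = (13, 29) if mips else (14, 30)
    assert size < (1 << size_bits)
    return (direction << dir_shift) | (size << 16) | (ord(typ) << 8) | nr


IOC_READ = 2
# WDIOC_SETOPTIONS = _IOR('W', 4, int); the pointed-to value WDIOS_DISABLECARD (1)
# stops the watchdog.  The number is architecture-specific, so an x86 constant
# is not recognised by a MIPS kernel (the driver returns ENOTTY).
WDIOC_SETOPTIONS = {
    "generic": ioc(IOC_READ, "W", 4, 4),             # 0x80045704
    "mips": ioc(IOC_READ, "W", 4, 4, mips=True),     # 0x40045704
}
WDIOS_DISABLECARD = 0x0001   # not visible in a raw trace: it sits behind a pointer

OPEN_RE = re.compile(r'^(?:open|openat)\((?:AT_FDCWD, )?"([^"]+)", ([A-Z_|]+)[^)]*\)\s*=\s*(-?\d+)')
IOCTL_RE = re.compile(r"^ioctl\((\d+), (0x[0-9a-fA-F]+|\d+),")
CLOSE_RE = re.compile(r"^close\((\d+)\)")


def analyze_trace(lines, arch="mips"):
    """Return (finding, path) tuples in trace order, tracking fd -> path so an
    ioctl can be attributed to the device it was issued on."""
    expected = WDIOC_SETOPTIONS["mips" if arch == "mips" else "generic"]
    fds, findings = {}, []
    for line in lines:
        line = line.strip()
        if m := OPEN_RE.match(line):
            path, flags, ret = m.group(1), m.group(2), int(m.group(3))
            if ret < 0:
                continue                       # failed open: nothing happened
            fds[ret] = path
            if path in SYSTEM_BIN_PATHS and ("O_WRONLY" in flags or "O_RDWR" in flags):
                findings.append(("system_bin_write", path))
        elif m := IOCTL_RE.match(line):
            fd, cmd = int(m.group(1)), int(m.group(2), 0)
            path = fds.get(fd)
            if path in WATCHDOG_DEVICES:
                if cmd == expected:
                    findings.append(("watchdog_setoptions", path))
                elif cmd in WDIOC_SETOPTIONS.values():
                    # attempted with another architecture's constant: the
                    # kernel rejects it and the watchdog stays armed
                    findings.append(("watchdog_setoptions_wrong_arch", path))
        elif m := CLOSE_RE.match(line):
            fds.pop(int(m.group(1)), None)
    return findings


# Constructed strace-style lines for a MIPS guest: the bot tries the x86
# constant (rejected), fails on the second device path, then rewrites the
# watchdog binaries in /bin and /sbin.
SAMPLE_TRACE = """\
openat(AT_FDCWD, "/dev/watchdog", O_RDWR) = 3
ioctl(3, 0x80045704, 0x7fff5e10) = -1 ENOTTY (Inappropriate ioctl for device)
close(3) = 0
openat(AT_FDCWD, "/dev/misc/watchdog", O_RDWR) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/bin/watchdog", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 3
close(3) = 0
openat(AT_FDCWD, "/sbin/watchdog", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 3
close(3) = 0
""".splitlines()

if __name__ == "__main__":
    for finding, path in analyze_trace(SAMPLE_TRACE, arch="mips"):
        print(f"{finding}: {path}")
```

Both findings are reported on the attempt, not on success: an ENOTTY on the ioctl means the watchdog is still armed, but the attempt is still the behaviour worth alerting on, and the file writes to /bin and /sbin succeed independently of it.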
Reads runtime system information (1 IoC)
Reads data from the /proc virtual filesystem.
description   ioc
/proc/        /proc/

Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory.
description                                                        ioc
/tmp/systemd-private-ff9443d4e1ba8842fd98691fe910b224ede-Dpf4df    /tmp/systemd-private-ff9443d4e1ba8842fd98691fe910b224ede-Dpf4df