Analysis

  • max time kernel
    28273s
  • max time network
    152s
  • platform
    linux_mips
  • resource
    debian9-mipsbe-en-20211208
  • resource tags

    arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    31/10/2022, 22:53

General

  • Target

    b9f186e523aa2397036ef8a095b9b764.elf

  • Size

    90KB

  • MD5

    b9f186e523aa2397036ef8a095b9b764

  • SHA1

    e86749481288dea5ee6cfed50e989427ad88dbb0

  • SHA256

    2a930a89bc676f31624dd8aecddd9a70ee4b8529883bea95e528bba90513f3bf

  • SHA512

    fc66caa8bfc3fef7ace21c8a849938ea1020df337b2f91c19b760f21dc86e274cd7fc41ee29de806fc21e0c396d9265f708da5f35316cf4501cf1d2f7f01ea48

  • SSDEEP

    1536:1gfv0z8Xfb1sKBmeH4Js3HLynRlnmFkrND+ade27fp:8v0zkfvBmeH42y3nmFkrND+abfp

Score
9/10

Malware Config

Signatures

  • Contacts a large (133856) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies the Watchdog daemon 1 TTPs

    Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 1 TTPs 3 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/b9f186e523aa2397036ef8a095b9b764.elf
    /tmp/b9f186e523aa2397036ef8a095b9b764.elf
    1⤵
    • Writes file to system bin folder
    PID:320

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads