60db80b8eda9b4a321f7be831842ee9027a42560933145b3c87e5d5573bbd740

Analysis

max time kernel
28609s
max time network
144s
platform
linux_mips
resource
debian9-mipsbe-en-20211208
resource tags

arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
04/11/2022, 20:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6e18bda720414d9dd96d8070b69660a0.elf
Size

151KB
MD5

6e18bda720414d9dd96d8070b69660a0
SHA1

01af8d547f6f5c141296be9111e951e69ad850bc
SHA256

60db80b8eda9b4a321f7be831842ee9027a42560933145b3c87e5d5573bbd740
SHA512

4b482840a625194aecf19bfb61df7557e6c94f60a28eb9aee86646f02551073a8a79411b64b260f6fe777dc0643cb8a86615320c671526248e4ba86e9972e20d
SSDEEP

3072:JW6dK9tS1aRGQdK76t/zL9I5mrThPaLEnvPrNb:c6UG+LLCmrThPaLEnvPrNb

Score

9^/10

Malware Config

Signatures

Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery

T1016

description	ioc	Process
/proc/net/route	/proc/net/route	6e18bda720414d9dd96d8070b69660a0.elf

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc	Process
/proc/net/route	/proc/net/route	6e18bda720414d9dd96d8070b69660a0.elf

/tmp/6e18bda720414d9dd96d8070b69660a0.elf
/tmp/6e18bda720414d9dd96d8070b69660a0.elf
1⤵
- Reads system routing table
- Reads system network configuration
PID:321

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads