Analysis

  • max time kernel
    1039s
  • max time network
    151s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20221111-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    23-11-2022 18:12

General

  • Target

    ee1e3bfed6bf2eeb29a01d514071759d.elf

  • Size

    68KB

  • MD5

    ee1e3bfed6bf2eeb29a01d514071759d

  • SHA1

    2e64c01aa9d54feefb93e95ed01889611fa48e4c

  • SHA256

    6cacae2a726d74c06d48a96f96189b1cd0474154ea7eaef4f24790bcaa9332bf

  • SHA512

    a04b8c6c733c457e124fae4eb6afd50de80e2a7f8761d5e372ec7f4218f448eebfa381f0ec32e9b2d47d4fbfd7c07dacf0358445efd978d3d2beabe76d04ba2e

  • SSDEEP

    1536:H4EqMiWN37fPlROoXumPr2zTsiRMSxnhIrSbQhM8WIaricCpYgJKc:H/bDXlRmQr2UX8nCrS8hM8RsNqYgYc

Score
9/10

Malware Config

Signatures

  • Modifies the Watchdog daemon 1 TTPs

    Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Modifies hosts file 2 IoCs

    Adds to hosts file used for mapping hosts to IP addresses.

  • Writes DNS configuration 1 TTPs 2 IoCs

    Writes data to DNS resolver config file.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 3 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/ee1e3bfed6bf2eeb29a01d514071759d.elf
    /tmp/ee1e3bfed6bf2eeb29a01d514071759d.elf
    1⤵
    • Reads system routing table
    • Reads system network configuration
    PID:353
  • /bin/sh
    sh -c "/bin/busybox wget 2>&1"
    1⤵
    PID:373
    • /bin/busybox
      /bin/busybox wget
      2⤵
      PID:374
  • /bin/sh
    sh -c "wget https://urlhaus.abuse.ch/downloads/text_online/ -q"
    1⤵
    PID:375
    • /usr/bin/wget
      wget https://urlhaus.abuse.ch/downloads/text_online/ -q
      2⤵
      • Modifies hosts file
      • Writes DNS configuration
      PID:376
  • /bin/sh
    sh -c "/bin/busybox wget 2>&1"
    1⤵
    PID:383
    • /bin/busybox
      /bin/busybox wget
      2⤵
      PID:384
  • /bin/sh
    sh -c "wget https://urlhaus.abuse.ch/downloads/text_online/ -q"
    1⤵
    PID:385
    • /usr/bin/wget
      wget https://urlhaus.abuse.ch/downloads/text_online/ -q
      2⤵
      • Modifies hosts file
      • Writes DNS configuration
      PID:386

Network

MITRE ATT&CK Enterprise v6
