Overview

overview

9

Static

static

f8cc042317...f1c506

ubuntu-18.04-amd64

5

f8cc042317...f1c506

debian-9-armhf

5

f8cc042317...f1c506

debian-9-mips

9

f8cc042317...f1c506

debian-9-mipsel

5

Analysis

  • max time kernel
    1266s
  • max time network
    157s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20221111-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    25-11-2022 22:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f8cc042317dc129ac5ea4b675139c9d3abf3f4670903b17fe6c5c65b82f1c506

  • Size

    603B

  • MD5

    cd00bcf841a3eede649d5a1797a03f5c

  • SHA1

    c35f0a6d69f6bfaa044260ed939eef4a93ff7374

  • SHA256

    f8cc042317dc129ac5ea4b675139c9d3abf3f4670903b17fe6c5c65b82f1c506

  • SHA512

    2a66497bfd183b004f023b46587d930da375147ff5cc6edad3ce26c2584204798d10fa5edc25c0b246978a795c84c8998b0f50ec01d89f8682b400ae7e371706

Score
9/10

Malware Config

Signatures

  • Modifies the Watchdog daemon 1 TTPs

    Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

  • Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 5 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/f8cc042317dc129ac5ea4b675139c9d3abf3f4670903b17fe6c5c65b82f1c506
    /tmp/f8cc042317dc129ac5ea4b675139c9d3abf3f4670903b17fe6c5c65b82f1c506
    1⤵
    • Writes file to tmp directory
    PID:323
    • /sbin/fdisk
      fdisk /dev/sda
      2⤵
        PID:333
      • /sbin/mkfs.ext2
        mkfs.ext2 /dev/sda1
        2⤵
        • Reads runtime system information
        PID:334
      • /bin/rm
        rm -rf hd
        2⤵
          PID:335
        • /bin/mkdir
          mkdir hd
          2⤵
          • Reads runtime system information
          PID:336
        • /bin/mount
          mount /dev/sda1 hd
          2⤵
          • Reads runtime system information
          PID:337
        • /bin/rm
          rm -rf hd/bin hd/boot hd/dev hd/etc hd/home hd/initrd.img hd/initrd.img.old hd/lib hd/lost+found hd/media hd/mnt hd/opt hd/proc hd/root hd/run hd/sbin hd/srv hd/sys hd/tmp hd/usr hd/var hd/vmlinux hd/vmlinux.old
          2⤵
          • Enumerates kernel/hardware configuration
          PID:340
      • /bin/grep
        grep -m 1 Disk
        1⤵
          PID:330
        • /sbin/fdisk
          fdisk -l
          1⤵
          • Reads runtime system information
          PID:329
        • /usr/bin/awk
          awk -F: "{print \$1}"
          1⤵
            PID:332
          • /usr/bin/awk
            awk "{print \$2}"
            1⤵
              PID:331

            Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads