General

  • Target

    20396fc30d9672e424786e0b089c136f.elf

  • Size

    138KB

  • Sample

    221219-rfjjksfb82

  • MD5

    20396fc30d9672e424786e0b089c136f

  • SHA1

    075d1f746f770cac266dd6058276124af3cf5ad4

  • SHA256

    618edea744c82f2e929e742cdff5488fb82bd8292b7e875e1f5bdd6984bdb084

  • SHA512

    5e09fd16263ae482d638d7d4c494e8c7be86681a764dc8441b1686077531593e7d2973eb08c07f608bc9b2f2d8903378422974630472d07791a3ac22c59a0912

  • SSDEEP

    3072:RdMCxfXZV3KIUbLz/0mJPMcyA3/cZGCvOmxtT:RdMCxfXZV3KIUbLz/Mxt

Score
10/10

Malware Config

Targets

    • Target

      20396fc30d9672e424786e0b089c136f.elf

    Score
    9/10
    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
