bc5964d46a872260b429717a7263ccbece8592b34b84869563d6092c868a253a | Triage

Sharing

General

Target

mips
Size

36KB
Sample

230201-eerscabg42
MD5

2a0dace3cfe5115995f26768f711f011
SHA1

f5840e00ba9aaf28c5542944bfdfbd9cc0d0f281
SHA256

bc5964d46a872260b429717a7263ccbece8592b34b84869563d6092c868a253a
SHA512

b19af04fefbcdeb53cd812b8d0c979fbd96d6d13c1205ee773c754c887870fd4ef578799b8c0b5b8adc5a01c47491b9b5b770b0183bef5da47c156db518541c4
SSDEEP

384:HeHq05iI2EGySkjocP9MjzTrT0jGLU1ZYORKEiSsd9dA/OmU4xki+nWy2xp4Rds7:+GIGjzb0fald9dsOpyki+nWyguTi

Score

9^/10

antivm

Malware Config

Targets

- Target
  
  mips
- Size
  
  36KB
- MD5
  
  2a0dace3cfe5115995f26768f711f011
- SHA1
  
  f5840e00ba9aaf28c5542944bfdfbd9cc0d0f281
- SHA256
  
  bc5964d46a872260b429717a7263ccbece8592b34b84869563d6092c868a253a
- SHA512
  
  b19af04fefbcdeb53cd812b8d0c979fbd96d6d13c1205ee773c754c887870fd4ef578799b8c0b5b8adc5a01c47491b9b5b770b0183bef5da47c156db518541c4
- SSDEEP
  
  384:HeHq05iI2EGySkjocP9MjzTrT0jGLU1ZYORKEiSsd9dA/OmU4xki+nWy2xp4Rds7:+GIGjzb0fald9dsOpyki+nWyguTi
Score

9^/10

antivm
- Attempts to identify hypervisor via CPU configuration
  Checks CPU information for indicators that the system is a virtual machine.
  antivm
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1