3d1a80de45d09ef9173ca60280eb598661af7f19673bdcd4ab14a0f32bd01ac8 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

a04ac6d98a...aa3de3

debian-9-armhf

9

Sharing

General

Target

a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3
Size

77KB
Sample

230203-l8vjnaeb53
MD5

4243a805156b4fcbdb39f624097d6853
SHA1

171e7961485f5f26c6f2316f46ebc89fe8ebf122
SHA256

3d1a80de45d09ef9173ca60280eb598661af7f19673bdcd4ab14a0f32bd01ac8
SHA512

fa9080149351c9208a643a1c71104d4c205ff6ebdcfc61276c59cfd12bdd8db6cae826bfda48f2f1b56c6a7265c52c93d84fe47dffd281f75e59fea8c216629d
SSDEEP

1536:00tcuyhIbiUqqukri02mNyU23M51DjZgSQAvcYkFtjusoFTB2tG:WzqB2i5ljnQsxoU

Score

9^/10

discovery

Static task

static1

Behavioral task

behavioral1

Sample

a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3

Resource

debian9-armhf-en-20211208

debian-9-armhf

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3
- Size
  
  78KB
- MD5
  
  9b6c3518a91d23ed77504b5416bfb5b3
- SHA1
  
  0a2d170abbf5031566377b01431e3b82d342630a
- SHA256
  
  a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3
- SHA512
  
  b2b08d5d5e6c6708d88b793e9340a780d47b5dce61e0a3026b4cdea8a9e4cbf9824037255e4ea4a40fee5bce956485232376d4677ce72ccb6c7f00badd09956e
- SSDEEP
  
  1536:87vbq1lGAXSEYQjbChaAU2yU23M51DjZgSQAvcYkFtZTjzBht5:8D+CAXFYQChaAUk5ljnQssL
Score

9^/10

discovery
- Contacts a large (5787) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy