8961479f5b5f491993c7dbf5b12e4cb813ffc73ba8e1bb29c88d76b14b889220 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

a04ac6d98a...aa3de3

debian-9-armhf

9

Sharing

General

Target

a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3
Size

77KB
Sample

230203-mca1taeb88
MD5

3cdc7b7ab4f2a40088ff9e41b4f71f94
SHA1

48afa16f2009cb88b1305c544cfce2e3f1e70c0f
SHA256

8961479f5b5f491993c7dbf5b12e4cb813ffc73ba8e1bb29c88d76b14b889220
SHA512

ae0b9fb9a49b4cf09b8a3ba5aae485a4d61f7522d26d878546eb9d0fbdf53c6c2e6505d26153da31b91ae79d0a65a1ee89f86b553c2d5d7d3ac2686080a685e6
SSDEEP

1536:/0tcuyhIbiUqqukri02mNyU23M51DjZgSQAvcYkFtjusoFTB2t5:PzqB2i5ljnQsxoH

Score

9^/10

Static task

static1

Behavioral task

behavioral1

Sample

a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3

Resource

debian9-armhf-en-20211208

debian-9-armhf

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3
- Size
  
  78KB
- MD5
  
  9b6c3518a91d23ed77504b5416bfb5b3
- SHA1
  
  0a2d170abbf5031566377b01431e3b82d342630a
- SHA256
  
  a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3
- SHA512
  
  b2b08d5d5e6c6708d88b793e9340a780d47b5dce61e0a3026b4cdea8a9e4cbf9824037255e4ea4a40fee5bce956485232376d4677ce72ccb6c7f00badd09956e
- SSDEEP
  
  1536:87vbq1lGAXSEYQjbChaAU2yU23M51DjZgSQAvcYkFtZTjzBht5:8D+CAXFYQChaAUk5ljnQssL
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy