dbaa2f1194c9078ffd78b66ae8ecfea47a7cc26aecee782bdd5bb258a253e50d

Analysis

max time kernel
7262s
max time network
163s
platform
debian-9_mips
resource
debian9-mipsbe-20221111-en
resource tags

arch:mipsimage:debian9-mipsbe-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
03/02/2023, 19:09

Target

4ef2ea170050df0f16ae817151a01db6.elf
Size

82KB
MD5

4ef2ea170050df0f16ae817151a01db6
SHA1

9ea73abb42c059f69cf95e7a498467aa2cc5ef5b
SHA256

dbaa2f1194c9078ffd78b66ae8ecfea47a7cc26aecee782bdd5bb258a253e50d
SHA512

c71773a354220f4ff4a361b98017093adba843f7a4a9f1f9f7c619c800f62acdeb6f2b163570015d436c1718785570d5d1ba5702833228b78b2949ed7ac0a439
SSDEEP

1536:Zg3n+jqiBrauU+sB87aehoZ/u3qMpmItuG:ZU+j3BrauGBG9v3qO3

Score

9^/10

discovery

Contacts a large (131967) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/4ef2ea170050df0f16ae817151a01db6.elf	/tmp/4ef2ea170050df0f16ae817151a01db6.elf	4ef2ea170050df0f16ae817151a01db6.elf

/tmp/4ef2ea170050df0f16ae817151a01db6.elf
/tmp/4ef2ea170050df0f16ae817151a01db6.elf
1⤵
- Writes file to tmp directory
PID:331

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact