Analysis

  • max time kernel
    7262s
  • max time network
    163s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20221111-en
  • resource tags

    arch:mips
    image:debian9-mipsbe-20221111-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    03/02/2023, 19:09

General

  • Target

    4ef2ea170050df0f16ae817151a01db6.elf

  • Size

    82KB

  • MD5

    4ef2ea170050df0f16ae817151a01db6

  • SHA1

    9ea73abb42c059f69cf95e7a498467aa2cc5ef5b

  • SHA256

    dbaa2f1194c9078ffd78b66ae8ecfea47a7cc26aecee782bdd5bb258a253e50d

  • SHA512

    c71773a354220f4ff4a361b98017093adba843f7a4a9f1f9f7c619c800f62acdeb6f2b163570015d436c1718785570d5d1ba5702833228b78b2949ed7ac0a439

  • SSDEEP

    1536:Zg3n+jqiBrauU+sB87aehoZ/u3qMpmItuG:ZU+j3BrauGBG9v3qO3

Score
9/10

Malware Config

Signatures

  • Contacts a large number (131967) of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Creates a large number of network flows (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Modifies the Watchdog daemon (1 TTP)

    Malware such as Mirai disables the hardware watchdog so that it cannot reboot the infected device; a reboot would clear the memory-resident payload.

  • Writes file to tmp directory (1 IoC)

    Malware often drops the files it needs in the /tmp directory.
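The three behavioural signatures above (mass host contact, watchdog modification, writes under /tmp) can be checked directly from a syscall trace rather than taken on trust from the sandbox. The Python below is an added example; it is not part of this report and not the sandbox's own detection logic. It runs over a constructed strace-style excerpt (the report does not reproduce its syscall log), the addresses are documentation ranges, and the threshold of five distinct hosts is an illustrative choice, far below the 131967 hosts the report counts. The ioctl constants are assumed from linux/watchdog.h and the public Mirai source.

```python
import re
from collections import Counter

# Constructed strace-style excerpt standing in for the sandbox's syscall log,
# which the report does not reproduce. Watchdog handling mirrors the public
# Mirai source; only a handful of hosts are shown (the report counts 131967).
TRACE = r"""
openat(AT_FDCWD, "/dev/watchdog", O_WRONLY) = 3
ioctl(3, WDIOC_SETOPTIONS, [WDIOS_DISABLECARD]) = 0
close(3) = 0
openat(AT_FDCWD, "/dev/misc/watchdog", O_WRONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/tmp/4ef2ea170050df0f16ae817151a01db6.elf", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 4
write(4, "\177ELF\1\2\1\0"..., 4096) = 4096
close(4) = 0
socket(AF_INET, SOCK_STREAM|SOCK_NONBLOCK, IPPROTO_TCP) = 5
connect(5, {sa_family=AF_INET, sin_port=htons(23), sin_addr=inet_addr("203.0.113.10")}, 16) = -1 EINPROGRESS (Operation now in progress)
connect(6, {sa_family=AF_INET, sin_port=htons(23), sin_addr=inet_addr("203.0.113.11")}, 16) = -1 EINPROGRESS (Operation now in progress)
connect(7, {sa_family=AF_INET, sin_port=htons(23), sin_addr=inet_addr("198.51.100.7")}, 16) = -1 EINPROGRESS (Operation now in progress)
connect(8, {sa_family=AF_INET, sin_port=htons(2323), sin_addr=inet_addr("198.51.100.8")}, 16) = -1 EINPROGRESS (Operation now in progress)
connect(9, {sa_family=AF_INET, sin_port=htons(23), sin_addr=inet_addr("192.0.2.44")}, 16) = -1 EINPROGRESS (Operation now in progress)
connect(10, {sa_family=AF_INET, sin_port=htons(23), sin_addr=inet_addr("192.0.2.45")}, 16) = -1 EINPROGRESS (Operation now in progress)
connect(11, {sa_family=AF_INET, sin_port=htons(23), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
"""

WATCHDOG_PATHS = {"/dev/watchdog", "/dev/misc/watchdog"}
# WDIOC_SETOPTIONS is _IOR('W', 4, int): 0x80045704 on x86/ARM, the value the
# Mirai source hard-codes. MIPS encodes the _IOC direction bits differently
# (assumed 0x40045704), so strace's symbolic decoding is accepted as well.
WATCHDOG_SETOPTIONS = {"WDIOC_SETOPTIONS", "0x80045704", "0x40045704"}

OPEN_RE = re.compile(r'^open(?:at)?\((?:AT_FDCWD, )?"([^"]+)", ([^)]*)\)\s*=\s*(-?\d+)')
CLOSE_RE = re.compile(r'^close\((\d+)\)')
IOCTL_RE = re.compile(r'^ioctl\((\d+), ([^,]+), (.*)\)\s*=')
WRITE_RE = re.compile(r'^write\((\d+), "((?:[^"\\]|\\.)*)"')
CONNECT_RE = re.compile(r'^connect\(\d+, \{[^}]*sin_port=htons\((\d+)\)[^}]*inet_addr\("([\d.]+)"\)')


def analyse(trace, scan_threshold=5):
    """Walk the trace once and return the evidence behind each signature."""
    fd_path = {}                      # open fd -> path, so ioctl/write can be attributed
    hosts, ports, tmp_writes = Counter(), Counter(), []
    watchdog_opened = watchdog_modified = False
    for line in trace.splitlines():
        line = line.strip()
        if m := OPEN_RE.match(line):
            path, flags, ret = m.group(1), m.group(2), int(m.group(3))
            if path in WATCHDOG_PATHS:
                watchdog_opened = True  # even a failed probe of the second path is telling
            if ret < 0:
                continue
            fd_path[ret] = path
            if path.startswith("/tmp/") and any(f in flags for f in ("O_WRONLY", "O_RDWR", "O_CREAT")):
                tmp_writes.append(path)
        elif m := CLOSE_RE.match(line):
            fd_path.pop(int(m.group(1)), None)
        elif m := IOCTL_RE.match(line):
            fd, request = int(m.group(1)), m.group(2)
            # Any WDIOC_SETOPTIONS on the watchdog fd counts as tampering; strace
            # may show only a pointer argument, so the option value is not required.
            if fd_path.get(fd) in WATCHDOG_PATHS and request in WATCHDOG_SETOPTIONS:
                watchdog_modified = True
        elif m := WRITE_RE.match(line):
            fd, data = int(m.group(1)), m.group(2)
            # "Magic close": writing 'V' then close() stops the watchdog too.
            if fd_path.get(fd) in WATCHDOG_PATHS and "V" in data:
                watchdog_modified = True
        elif m := CONNECT_RE.match(line):
            ports[int(m.group(1))] += 1
            hosts[m.group(2)] += 1
    return {
        "watchdog_opened": watchdog_opened,
        "watchdog_modified": watchdog_modified,
        "tmp_writes": tmp_writes,
        "distinct_hosts": len(hosts),
        "ports": dict(ports),
        "scan_suspected": len(hosts) >= scan_threshold,
    }


if __name__ == "__main__":
    for key, value in analyse(TRACE).items():
        print(f"{key}: {value}")
```

The port histogram is worth keeping alongside the host count: a Mirai-style scanner concentrates on a few service ports (23 and 2323 here) across many hosts, which separates it from a normal client that talks to a few hosts on many ports.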

Processes

  • /tmp/4ef2ea170050df0f16ae817151a01db6.elf (PID 331)
    Command line: /tmp/4ef2ea170050df0f16ae817151a01db6.elf
    • Writes file to tmp directory

Network

MITRE ATT&CK Enterprise v6
