Analysis
-
max time kernel
7262s -
max time network
163s -
platform
debian-9_mips -
resource
debian9-mipsbe-20221111-en -
resource tags
arch:mipsimage:debian9-mipsbe-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
03/02/2023, 19:09
Behavioral task
behavioral1
Sample
4ef2ea170050df0f16ae817151a01db6.elf
Resource
debian9-mipsbe-20221111-en
General
-
Target
4ef2ea170050df0f16ae817151a01db6.elf
-
Size
82KB
-
MD5
4ef2ea170050df0f16ae817151a01db6
-
SHA1
9ea73abb42c059f69cf95e7a498467aa2cc5ef5b
-
SHA256
dbaa2f1194c9078ffd78b66ae8ecfea47a7cc26aecee782bdd5bb258a253e50d
-
SHA512
c71773a354220f4ff4a361b98017093adba843f7a4a9f1f9f7c619c800f62acdeb6f2b163570015d436c1718785570d5d1ba5702833228b78b2949ed7ac0a439
-
SSDEEP
1536:Zg3n+jqiBrauU+sB87aehoZ/u3qMpmItuG:ZU+j3BrauGBG9v3qO3
Malware Config
Signatures
-
Contacts a large (131967) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process /tmp/4ef2ea170050df0f16ae817151a01db6.elf /tmp/4ef2ea170050df0f16ae817151a01db6.elf 4ef2ea170050df0f16ae817151a01db6.elf