General

  • Target

    [MS]

  • Size

    415KB

  • Sample

    230222-3qc1bsea73

  • MD5

    7e7f8052cc34a6e6318d8b3dd396b4f7

  • SHA1

    049b8ea8b94e5cf49d5631df73406263df0c3f06

  • SHA256

    f7113577b5a2b5bb4bb27d8ba723cbbf638ec572de5d21d4e65c2c3e3ac9fd3b

  • SHA512

    b28b9c1799adfe06c32a27c0ddc2caac0c1c1ff6ae98058daddd2567b6904fbd456683de048ac74e2da89088011281d9adc30902145932b520a5e4c85640748e

  • SSDEEP

    6144:KXR1XbA69flWQIDK+rcjExHC3f9Vmws68nZqLdDILvzsr3G6:KB1s69flMKsQVmws68n8LdDILvzsr3G6

Score
10/10

Malware Config

Targets

    • Target

      [MS]

    • Size

      415KB

    • MD5

      7e7f8052cc34a6e6318d8b3dd396b4f7

    • SHA1

      049b8ea8b94e5cf49d5631df73406263df0c3f06

    • SHA256

      f7113577b5a2b5bb4bb27d8ba723cbbf638ec572de5d21d4e65c2c3e3ac9fd3b

    • SHA512

      b28b9c1799adfe06c32a27c0ddc2caac0c1c1ff6ae98058daddd2567b6904fbd456683de048ac74e2da89088011281d9adc30902145932b520a5e4c85640748e

    • SSDEEP

      6144:KXR1XbA69flWQIDK+rcjExHC3f9Vmws68nZqLdDILvzsr3G6:KB1s69flMKsQVmws68n8LdDILvzsr3G6

    Score
    9/10
• Modifies the Watchdog daemon

      Malware such as Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

• Writes file to user bin folder

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Enterprise v6

Tasks