General

  • Target

    [M].elf

  • Size

    415KB

  • Sample

    230227-nnwmbsdd96

  • MD5

    e3d9d55db7878ca7cc4af6189e589b8e

  • SHA1

    8ef878c33c1cba59abcac56acae32b94af5cafaf

  • SHA256

    8ec222368d75e7deb89848d4d9e44fa3119a20bdcbbb119a896f91b271b2e7a3

  • SHA512

    0ea2c96d07e8badf29f1f9a3506c099234c888f09761d4b90ab597cb9d729b267e4f226fca1053dac8a1b06dabc17ed29cc0d9ce0d5668403ff7034e00faf826

  • SSDEEP

    6144:ivao2zK0unP2Wu5eyQIl41NzyMRmls68nZqLdDILvzsr3G1:O2zNQPVs+5mls68n8LdDILvzsr3G1

Score
10/10

Targets

    • Target

      [M].elf

    • Size

      415KB

    Score
    9/10
    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to user bin folder

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.
