Analysis

  • max time kernel
    9366s
  • max time network
    43s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20221111-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    28-02-2023 03:24

General

  • Target

    1ab266378ac3e8ac712e2163a3e1d602.armv6l.bin

  • Size

    310KB

  • MD5

    1ab266378ac3e8ac712e2163a3e1d602

  • SHA1

    18682aea652155010894029fb7e1bedbae6d2d0a

  • SHA256

    e0e093ade5df95cc88cea86d1c0c86ea2b1d67913d37f8eb9d2d20ca7819b9a1

  • SHA512

    ad9e08d4f4e02c08032b4945c4b5cb279d22b46da8e104d9240a8e13f17383c9f4052b2876c1e84bb4a5f8e544e238af58f4a7b9b785aad69f87f2f9373fbce7

  • SSDEEP

    6144:YY8t809ndLXsp8aHGwe3QjtGkTKTletJ8a8f6Cj7L9mcDREIG4N4:/Gdrsp8aHVNtGkuetJ8a8t7L9mc1EIG3

Score
9/10

Malware Config

Signatures

  • Modifies the Watchdog daemon 1 TTPs

    Malware such as Mirai opens the watchdog device (/dev/watchdog or /dev/misc/watchdog) and disables it, so that the hardware watchdog does not reboot an infected device once the bot has tied up the system; a reboot would clear the bot from a device whose only persistence is memory.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces and the default gateway from the kernel routing table exposed under the /proc virtual filesystem (/proc/net/route).

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses the contents of the /proc filesystem to enumerate network settings; on a bot this is typically the first step of local reconnaissance before scanning.
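The two behaviours flagged above are small enough to reproduce on constructed input. The following is an added example, not code from the Triage report or from the analysed sample: it computes the WDIOC_SETOPTIONS ioctl number exactly as <linux/watchdog.h> defines it, flags that ioctl on a watchdog file descriptor in a constructed strace-style log, and parses a constructed /proc/net/route snippet the way a bot would to find the active interface and default gateway. The strace lines and the routing table are made up for the example; only the ioctl encoding, the device paths and the /proc/net/route layout come from the kernel.

```python
"""Added example (not part of the Triage report or the sample).

Reproduces, on constructed input, the two behaviours the report flags:
watchdog tampering and reading the routing table from /proc.
"""
import re
import socket
import struct

# --- 1. Watchdog tampering ---------------------------------------------------
# <linux/watchdog.h> defines WDIOC_SETOPTIONS as _IOR('W', 4, int).  Mirai opens
# /dev/watchdog (falling back to /dev/misc/watchdog) and issues this ioctl with
# WDIOS_DISABLECARD so the hardware watchdog stops rebooting the device.
_IOC_NRBITS, _IOC_TYPEBITS, _IOC_SIZEBITS = 8, 8, 14
_IOC_TYPESHIFT = _IOC_NRBITS
_IOC_SIZESHIFT = _IOC_TYPESHIFT + _IOC_TYPEBITS
_IOC_DIRSHIFT = _IOC_SIZESHIFT + _IOC_SIZEBITS
_IOC_READ = 2


def _ior(type_char, nr, size):
    """Encode an ioctl request number like the kernel's _IOR() macro."""
    return ((_IOC_READ << _IOC_DIRSHIFT) | (ord(type_char) << _IOC_TYPESHIFT)
            | (size << _IOC_SIZESHIFT) | nr)


WDIOC_SETOPTIONS = _ior("W", 4, 4)      # 0x80045704 on 32-bit ARM and x86
WDIOS_DISABLECARD = 0x0001              # option value written behind the pointer
WATCHDOG_PATHS = ("/dev/watchdog", "/dev/misc/watchdog")

_OPEN_RE = re.compile(r'^open(?:at)?\((?:AT_FDCWD,\s*)?"([^"]+)".*=\s*(\d+)$')
_CLOSE_RE = re.compile(r"^close\((\d+)\)")
_IOCTL_RE = re.compile(r"^ioctl\((\d+),\s*([^,)]+)")


def watchdog_tampering(strace_text):
    """Return (line_no, path, request) for each WDIOC_SETOPTIONS on a watchdog fd.

    The option flags live behind the pointer argument, so a plain strace line
    shows only the request number; any WDIOC_SETOPTIONS on a watchdog device is
    treated as tampering.  Failed open() calls (return -1) never map an fd.
    """
    fds, hits = {}, []
    for n, line in enumerate(strace_text.splitlines(), 1):
        if m := _OPEN_RE.match(line):
            fds[int(m.group(2))] = m.group(1)
        elif m := _CLOSE_RE.match(line):
            fds.pop(int(m.group(1)), None)
        elif m := _IOCTL_RE.match(line):
            fd, req = int(m.group(1)), m.group(2)
            req_num = int(req, 16) if req.startswith("0x") else req
            if fds.get(fd) in WATCHDOG_PATHS and req_num in (WDIOC_SETOPTIONS, "WDIOC_SETOPTIONS"):
                hits.append((n, fds[fd], req))
    return hits


# --- 2. Reading the routing table from /proc ---------------------------------
# /proc/net/route prints each address as a 32-bit integer in host byte order
# rendered with %08X; armhf (the sandbox platform) and x86 are little-endian.
RTF_UP, RTF_GATEWAY = 0x0001, 0x0002


def _proc_ip(hex_word):
    return socket.inet_ntoa(struct.pack("<I", int(hex_word, 16)))


def default_route(route_text):
    """Return (interface, gateway) for the up default route, or None."""
    for line in route_text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 8:
            continue
        iface, dest, gw, flags = f[0], f[1], f[2], int(f[3], 16)
        if dest == "00000000" and flags & RTF_UP and flags & RTF_GATEWAY:
            return iface, _proc_ip(gw)
    return None


def active_interfaces(route_text):
    """Interfaces that carry at least one up route (what the signature calls 'active')."""
    return sorted({l.split()[0] for l in route_text.splitlines()[1:]
                   if len(l.split()) >= 8 and int(l.split()[3], 16) & RTF_UP})


# Constructed inputs for the example (not captured from the sample).
SAMPLE_STRACE = """\
open("/dev/watchdog", O_RDWR) = -1 ENOENT (No such file or directory)
open("/dev/misc/watchdog", O_RDWR) = 3
ioctl(3, 0x80045704, 0xbefffa1c) = 0
close(3) = 0
open("/proc/net/route", O_RDONLY) = 3
close(3) = 0
"""

SAMPLE_ROUTE = """\
Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT
eth0\t00000000\t0100A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0
eth0\t0000A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
"""

if __name__ == "__main__":
    print("WDIOC_SETOPTIONS = 0x%08x" % WDIOC_SETOPTIONS)
    print("watchdog tampering:", watchdog_tampering(SAMPLE_STRACE))
    print("default route:", default_route(SAMPLE_ROUTE))
    print("active interfaces:", active_interfaces(SAMPLE_ROUTE))
```

The strace parser keys on the file descriptor rather than the path in the ioctl line because strace only shows the fd; the fallback from /dev/watchdog to /dev/misc/watchdog in the constructed log mirrors the order Mirai tries them, and the failed first open is correctly ignored.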

Processes

  • /tmp/1ab266378ac3e8ac712e2163a3e1d602.armv6l.bin
    PID:369
    • Reads system routing table
    • Reads system network configuration

Network

MITRE ATT&CK Enterprise v6

