Analysis
max time kernel: 9366s
max time network: 43s
platform: debian-9_armhf
resource: debian9-armhf-20221111-en
resource tags: arch:armhf, image:debian9-armhf-20221111-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 28-02-2023 03:24
Behavioral task: behavioral1
Sample: 1ab266378ac3e8ac712e2163a3e1d602.armv6l.bin
Resource: debian9-armhf-20221111-en
General
Target: 1ab266378ac3e8ac712e2163a3e1d602.armv6l.bin
Size: 310KB
MD5: 1ab266378ac3e8ac712e2163a3e1d602
SHA1: 18682aea652155010894029fb7e1bedbae6d2d0a
SHA256: e0e093ade5df95cc88cea86d1c0c86ea2b1d67913d37f8eb9d2d20ca7819b9a1
SHA512: ad9e08d4f4e02c08032b4945c4b5cb279d22b46da8e104d9240a8e13f17383c9f4052b2876c1e84bb4a5f8e544e238af58f4a7b9b785aad69f87f2f9373fbce7
SSDEEP: 6144:YY8t809ndLXsp8aHGwe3QjtGkTKTletJ8a8f6Cj7L9mcDREIG4N4:/Gdrsp8aHVNtGkuetJ8a8t7L9mc1EIG3
Malware Config
Signatures
Modifies the Watchdog daemon (1 TTPs)
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
Reads system routing table (1 TTPs, 1 IoCs)
Gets active network interfaces from /proc virtual filesystem.
Processes: 1ab266378ac3e8ac712e2163a3e1d602.armv6l.bin
description        ioc                process
/proc/net/route    /proc/net/route    1ab266378ac3e8ac712e2163a3e1d602.armv6l.bin
Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
Processes: 1ab266378ac3e8ac712e2163a3e1d602.armv6l.bin
description        ioc                process
/proc/net/route    /proc/net/route    1ab266378ac3e8ac712e2163a3e1d602.armv6l.bin