Overview

overview

9

Static

static

1

bok.arm7-2...06.elf

debian-9-armhf

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bok.arm7-20230311-0506.elf

  • Size

    64KB

  • Sample

    230311-frzt6agf34

  • MD5

    a1a453693b8bd2292f79aac3a691e074

  • SHA1

    bc3748e3bbed4c97312ec1a0e8f6a7bfe2408d16

  • SHA256

    ec1377c698dcff593dd387531e6ab2f1be20eb8edfd941f9e0cc154f80d695e2

  • SHA512

    217ab9284b4c9d3169423682ca01080d65c8f6d9993636f27a52ff977eb6305cbaf6692d54ceecad8cd45a24fb0e07e8c2f5b0a05a9d6ed8b371aadffb7ce097

  • SSDEEP

    1536:ocCWWdbaZ/sUlvnQO/mnVB2B0HmaL+XOUDFW6HMd2MDXLt+9EpWt7:e7ANfnhmC0jS+gFW6VMDXLwV

Score
9/10
discovery

Malware Config

Targets

    • Target

      bok.arm7-20230311-0506.elf

    • Size

      64KB

    • MD5

      a1a453693b8bd2292f79aac3a691e074

    • SHA1

      bc3748e3bbed4c97312ec1a0e8f6a7bfe2408d16

    • SHA256

      ec1377c698dcff593dd387531e6ab2f1be20eb8edfd941f9e0cc154f80d695e2

    • SHA512

      217ab9284b4c9d3169423682ca01080d65c8f6d9993636f27a52ff977eb6305cbaf6692d54ceecad8cd45a24fb0e07e8c2f5b0a05a9d6ed8b371aadffb7ce097

    • SSDEEP

      1536:ocCWWdbaZ/sUlvnQO/mnVB2B0HmaL+XOUDFW6HMd2MDXLt+9EpWt7:e7ANfnhmC0jS+gFW6VMDXLwV

    Score
    9/10
    discovery

    • Contacts a large (42874) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies the Watchdog daemon

      Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks