Analysis
-
max time kernel
10848s -
max time network
147s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20221111-en -
resource tags
arch:mipsel image:debian9-mipsel-20221111-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
17-03-2023 07:34
Behavioral task
behavioral1
Sample
79b109349de9c2dcef20bd811c92b9ea.elf
Resource
debian9-mipsel-20221111-en
General
-
Target
79b109349de9c2dcef20bd811c92b9ea.elf
-
Size
151KB
-
MD5
79b109349de9c2dcef20bd811c92b9ea
-
SHA1
d2798e7b86b6fb0578d7faf25f771cb3f69fa141
-
SHA256
5b1a9229a68f1da2c030073e6c92ac0144c0e1d0a239656485dd65fb7fcf16b5
-
SHA512
73bc7ea8bb1b928f2b4ad5910e3e05b473fafa50dd9d9fd5541ffd85e787339c346bb1f84995dc71cad5fd6eeb7758674209cd21845e6ea76a8774dd2df61a16
-
SSDEEP
3072:dgZc9h1jlnLA2PiXYeyCcFVNMVGuo9mrThPaLEnvPrNb:dd7lnLA2PiIeyZFVWDo9mrThPaLEnvP5
Malware Config
Signatures
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Processes:
79b109349de9c2dcef20bd811c92b9ea.elf
description | ioc | process
/proc/net/route | /proc/net/route | 79b109349de9c2dcef20bd811c92b9ea.elf
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
79b109349de9c2dcef20bd811c92b9ea.elf
description | ioc | process
/proc/net/route | /proc/net/route | 79b109349de9c2dcef20bd811c92b9ea.elf