5469760732519bff25afdcbe4c79eae1c3cc80e8c3575831a6d80af315c86d72

Analysis

max time kernel
10849s
max time network
139s
platform
debian-9_mips
resource
debian9-mipsbe-20221111-en
resource tags

arch:mipsimage:debian9-mipsbe-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
17-03-2023 07:35

Target

b069841e407cc5714215b0b7c4b2ae0c.elf
Size

151KB
MD5

b069841e407cc5714215b0b7c4b2ae0c
SHA1

1bfe67df0649ba5561a47650d89c5a6e63c1e8e5
SHA256

5469760732519bff25afdcbe4c79eae1c3cc80e8c3575831a6d80af315c86d72
SHA512

88391c5215ab255f0641c370a598814ce9520049ed96e7a28ef33795e07aedb703e2480b857f6db84f7c0b7dd435865f7be919a3eb5fab321adef0acef2da235
SSDEEP

3072:JW6dm9tS1aRGQdK76t/zCEI5mrThPaLEnvPrNb:c6IG+LC5mrThPaLEnvPrNb

Score

9^/10

Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

b069841e407cc5714215b0b7c4b2ae0c.elf

description ioc process

/proc/net/route /proc/net/route b069841e407cc5714215b0b7c4b2ae0c.elf
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

b069841e407cc5714215b0b7c4b2ae0c.elf

description ioc process

/proc/net/route /proc/net/route b069841e407cc5714215b0b7c4b2ae0c.elf

description	ioc	process
/proc/net/route	/proc/net/route	b069841e407cc5714215b0b7c4b2ae0c.elf

description	ioc	process
/proc/net/route	/proc/net/route	b069841e407cc5714215b0b7c4b2ae0c.elf

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact