Analysis
- max time kernel: 10849s
- max time network: 139s
- platform: debian-9_mips
- resource: debian9-mipsbe-20221111-en
- resource tags: arch:mips, image:debian9-mipsbe-20221111-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 17-03-2023 07:35
Behavioral task
behavioral1
Sample
b069841e407cc5714215b0b7c4b2ae0c.elf
Resource
debian9-mipsbe-20221111-en
General
- Target: b069841e407cc5714215b0b7c4b2ae0c.elf
- Size: 151KB
- MD5: b069841e407cc5714215b0b7c4b2ae0c
- SHA1: 1bfe67df0649ba5561a47650d89c5a6e63c1e8e5
- SHA256: 5469760732519bff25afdcbe4c79eae1c3cc80e8c3575831a6d80af315c86d72
- SHA512: 88391c5215ab255f0641c370a598814ce9520049ed96e7a28ef33795e07aedb703e2480b857f6db84f7c0b7dd435865f7be919a3eb5fab321adef0acef2da235
- SSDEEP: 3072:JW6dm9tS1aRGQdK76t/zCEI5mrThPaLEnvPrNb:c6IG+LC5mrThPaLEnvPrNb
Malware Config
Signatures
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Reads system routing table (1 TTPs, 1 IoCs)
  Gets active network interfaces from /proc virtual filesystem.
  Processes:
  b069841e407cc5714215b0b7c4b2ae0c.elf
    description        ioc                process
    /proc/net/route    /proc/net/route    b069841e407cc5714215b0b7c4b2ae0c.elf
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
  Processes:
  b069841e407cc5714215b0b7c4b2ae0c.elf
    description        ioc                process
    /proc/net/route    /proc/net/route    b069841e407cc5714215b0b7c4b2ae0c.elf