Analysis
- max time kernel: 10858s
- max time network: 152s
- platform: debian-9_mips
- resource: debian9-mipsbe-20221111-en
- resource tags: arch:mips, image:debian9-mipsbe-20221111-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 17-03-2023 10:03
Behavioral task: behavioral1
- Sample: 3e07eb641db5dd8196c79b3f7d87b3c3.elf
- Resource: debian9-mipsbe-20221111-en
General
- Target: 3e07eb641db5dd8196c79b3f7d87b3c3.elf
- Size: 151KB
- MD5: 3e07eb641db5dd8196c79b3f7d87b3c3
- SHA1: 6fff83fb7411bf8466b808bd2337de336ad0cfad
- SHA256: 95f312bcbe88e0404ebf829e99b82a638a80e37c5eacee2ff53006815192044c
- SHA512: 5e44cf69321c192ca7a5cd99860b917915cddc1037a4ec8b30588a4e7df959602906f9346d3323d287eeeefc1b67c713a11629567f2a3940ac7b1f86c9daccc3
- SSDEEP: 3072:JW6dm9tS1aRGQdK76t/zCVI5mrThPaLEnvPrNb:c6IG+LCKmrThPaLEnvPrNb
Malware Config
Signatures
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads system routing table (1 TTPs, 1 IoCs)
  Gets active network interfaces from /proc virtual filesystem.
  Processes: 3e07eb641db5dd8196c79b3f7d87b3c3.elf
    description: /proc/net/route
    ioc: /proc/net/route
    process: 3e07eb641db5dd8196c79b3f7d87b3c3.elf
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
  Processes: 3e07eb641db5dd8196c79b3f7d87b3c3.elf
    description: /proc/net/route
    ioc: /proc/net/route
    process: 3e07eb641db5dd8196c79b3f7d87b3c3.elf