Analysis
max time kernel
11037s
max time network
140s
platform
debian-9_mipsel
resource
debian9-mipsel-20221111-en
resource tags
arch:mipsel
image:debian9-mipsel-20221111-en
kernel:4.9.0-13-4kc-malta
locale:en-us
os:debian-9-mipsel
system
submitted
19-03-2023 11:51
Behavioral task
behavioral1
Sample
2b5360af6ec9603a7d72ac1c5c264551.elf
Resource
debian9-mipsel-20221111-en
General
Target
2b5360af6ec9603a7d72ac1c5c264551.elf
Size
151KB
MD5
2b5360af6ec9603a7d72ac1c5c264551
SHA1
2c116bf874d8299d600df6781742457f10a5fd13
SHA256
440d42d1b5261793b95f9c1b19d9754eb51c28ab184585721507f32d6778be81
SHA512
254ba1b492aeb9a1c58023caae2b49f4308f3b1b91eca8ae02e787c8ed5a9f4e30549006303806c1376813a3264b5be981816e7fc8859e825615dae7a5e965d6
SSDEEP
3072:dgZc9h1jlnLA2PiXYeyCc2VNMVGuo9mrThPaLEnvPrNb:dd7lnLA2PiIeyZ2VWDo9mrThPaLEnvP5
Malware Config
Signatures
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Processes:
2b5360af6ec9603a7d72ac1c5c264551.elf
description
/proc/net/route
ioc
/proc/net/route
process
2b5360af6ec9603a7d72ac1c5c264551.elf
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
2b5360af6ec9603a7d72ac1c5c264551.elf
description
/proc/net/route
ioc
/proc/net/route
process
2b5360af6ec9603a7d72ac1c5c264551.elf