8fdf3c5043ef7f6529e236baf80ade0d919506d57140c9329b81f9e6735cf0f1

Analysis

max time kernel
0s
max time network
123s
platform
debian-9_mips
resource
debian9-mipsbe-20221111-en
resource tags

arch:mipsimage:debian9-mipsbe-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
19-03-2023 11:50

Target

3ec972eeecdeb196652d34ae52af510e.elf
Size

151KB
MD5

3ec972eeecdeb196652d34ae52af510e
SHA1

45301b64d23fd1c500492c7e8d7316f5e1bf076c
SHA256

8fdf3c5043ef7f6529e236baf80ade0d919506d57140c9329b81f9e6735cf0f1
SHA512

3108b60bdf7208ef31fc4e07e9923a1506d3019efd502263c248139aab561385059dd9771989fa0ec3b86dce511d0995230e605cad90e3947d3da65870d4e9b6
SSDEEP

3072:JW6dm9tS1aRGQdK76t/zCzI5mrThPaLEnvPrNb:c6IG+LCUmrThPaLEnvPrNb

Score

9^/10

Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

3ec972eeecdeb196652d34ae52af510e.elf

description ioc process

/proc/net/route /proc/net/route 3ec972eeecdeb196652d34ae52af510e.elf
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

3ec972eeecdeb196652d34ae52af510e.elf

description ioc process

/proc/net/route /proc/net/route 3ec972eeecdeb196652d34ae52af510e.elf

description	ioc	process
/proc/net/route	/proc/net/route	3ec972eeecdeb196652d34ae52af510e.elf

description	ioc	process
/proc/net/route	/proc/net/route	3ec972eeecdeb196652d34ae52af510e.elf

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact