Analysis
-
max time kernel
40422s -
max time network
152s -
platform
linux_mipsel -
resource
debian9-mipsel-en-20211208 -
resource tags
arch:mipsel image:debian9-mipsel-en-20211208 kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
21-03-2023 13:27
Behavioral task
behavioral1
Sample
b8d0b8318240ba9276e3f07f6035323e3657471b2b388a5eba4e114974ffc031.elf
Resource
debian9-mipsel-en-20211208
General
-
Target
b8d0b8318240ba9276e3f07f6035323e3657471b2b388a5eba4e114974ffc031.elf
-
Size
151KB
-
MD5
6829bd31605e02668ff1a34df49200e1
-
SHA1
84e7afed11bc227a48564e7e672ff2064b750fc1
-
SHA256
b8d0b8318240ba9276e3f07f6035323e3657471b2b388a5eba4e114974ffc031
-
SHA512
38134559f58d7a8ce1fa1f2147b1778a3b10ed233e2278b218515931229516160bcfa9f238eac035644ecf3e45cb6689848aab0054852dbcd7d2dade2fd26110
-
SSDEEP
3072:34yA4MlDX2PW4aJC1mauRshTp4jmrThPaLEnvPrNb:34plDX2P5aJ0dJHQmrThPaLEnvPrNb
Malware Config
Signatures
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Processes:
b8d0b8318240ba9276e3f07f6035323e3657471b2b388a5eba4e114974ffc031.elf
description | ioc | process
/proc/net/route | /proc/net/route | b8d0b8318240ba9276e3f07f6035323e3657471b2b388a5eba4e114974ffc031.elf
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
b8d0b8318240ba9276e3f07f6035323e3657471b2b388a5eba4e114974ffc031.elf
description | ioc | process
/proc/net/route | /proc/net/route | b8d0b8318240ba9276e3f07f6035323e3657471b2b388a5eba4e114974ffc031.elf