Analysis
max time kernel: 40426s
max time network: 153s
platform: linux_mips
resource: debian9-mipsbe-en-20211208
resource tags: arch:mips, image:debian9-mipsbe-en-20211208, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 21-03-2023 14:40
Behavioral task: behavioral1
Sample: ea90699a0a702614fd8f533961a45c1c3d1c0ea1da96ccbba4ea745e640bebe6.elf
Resource: debian9-mipsbe-en-20211208
General
Target: ea90699a0a702614fd8f533961a45c1c3d1c0ea1da96ccbba4ea745e640bebe6.elf
Size: 151KB
MD5: 723da50f4df1235c3669184fa5e26330
SHA1: 78a2a2bca0c788adf0cf2dc9e69e5b841d3675be
SHA256: ea90699a0a702614fd8f533961a45c1c3d1c0ea1da96ccbba4ea745e640bebe6
SHA512: f6e03b47d5d2b09883298fabbc008f1c43a29b3ccd8a7dc2095d23b492af6efe6228f1e7d334962141910fa83c0d87dc685b79a4132377c88930963f1d287b9e
SSDEEP: 3072:nWhzYxYCS1bxmjwLkqkmksQnGXmrThPaLEnvPrNb:WhUe4uk9GXmrThPaLEnvPrNb
Malware Config
Signatures
Modifies the Watchdog daemon (1 TTPs)
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
Reads system routing table (1 TTPs, 1 IoCs)
Gets active network interfaces from /proc virtual filesystem.
Processes: ea90699a0a702614fd8f533961a45c1c3d1c0ea1da96ccbba4ea745e640bebe6.elf
description: /proc/net/route
ioc: /proc/net/route
process: ea90699a0a702614fd8f533961a45c1c3d1c0ea1da96ccbba4ea745e640bebe6.elf
Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
Processes: ea90699a0a702614fd8f533961a45c1c3d1c0ea1da96ccbba4ea745e640bebe6.elf
description: /proc/net/route
ioc: /proc/net/route
process: ea90699a0a702614fd8f533961a45c1c3d1c0ea1da96ccbba4ea745e640bebe6.elf