General

  • Target

    b31d17a8202314dd08a2bb3765d58286.bin

  • Size

    32KB

  • Sample

    230325-b7vg6acf5y

  • MD5

    6e7a0d11c7a5bb5109c65fabff568da2

  • SHA1

    1403b0bf3326d32b86fc88716c7f2809214007e8

  • SHA256

    d8053de716a7df632464ffad7dab5be4a253897373d820da9c5bc17731f1e7c4

  • SHA512

    b94401a7a11d018703bb5c5080e41dbb6ee697b1f18f8eee3794c02ea0f75b2d88d159c0de6eca273faa1efb08d2eb6cfc63f720bfa27a84aabe7c5459b09163

  • SSDEEP

    768:TOKhgVF3NKRIR+qRVwAq1wQ1Qk9kjt6iZZTBwje:3RYCBmiQkot6iZZTBV

Score
9/10

Targets

    • Target

      4d2e99b8773275515e777aa107b54d3e76b36460b44645f6249f86e474d80b7f.elf

    • Size

      33KB

    • MD5

      b31d17a8202314dd08a2bb3765d58286

    • SHA1

      56bfb5070a36d79f03078b5d93d1b7f521b045a3

    • SHA256

      4d2e99b8773275515e777aa107b54d3e76b36460b44645f6249f86e474d80b7f

    • SHA512

      024f583d71460c239df7be6d472511e7303708468673c036d8a23f9a79586aefafbb4693a0b89c076ff2db1122d2ed96d7fe62ecc70577b6e6a7bba1efde4f35

    • SSDEEP

      768:BQUJiFBSveZxk9Hf/6h8ge+ZMc0MAjTru8CIlriHqrnbzpWi8:liF8vgxc/r+ZMc0M6T+IZiKnbzJ8

    Score
    9/10
    • Contacts a large (28157) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies the Watchdog daemon

      Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
