9582a896fe77d962c1521ec75658ac2319c6a4d4bafb490421ac75d96e63efbf

Analysis

max time kernel
40838s
max time network
151s
platform
linux_mips
resource
debian9-mipsbe-en-20211208
resource tags

arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
26/03/2023, 09:02

Target

99c10e90b6a44959df3bdba73a364760.elf
Size

98KB
MD5

99c10e90b6a44959df3bdba73a364760
SHA1

9fa1523b5823309e58839980b6fa74909e94b337
SHA256

9582a896fe77d962c1521ec75658ac2319c6a4d4bafb490421ac75d96e63efbf
SHA512

281b4c1eed055b0d23e6cc2f174ca92f03f304fd84167d8434e6d95ed9c702c76645ce9c609c7acea7064158c2928b391b8e191106ed407e42c092827b8d5eed
SSDEEP

1536:FIPW9MIA6KTsn8K30hfOrXI8bhOYzsFMXy8DDoeQoM3WqRj:KO9jA6KhK3eOrY8bhbo2y8DDoeQoM3z5

Score

9^/10

discovery

Contacts a large (19995) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc
/proc/	/proc/

/tmp/99c10e90b6a44959df3bdba73a364760.elf
/tmp/99c10e90b6a44959df3bdba73a364760.elf
1⤵
PID:331

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact