3ffb3866e00de84b7d9272dcbad55efe84bd01a67599afaee35e9567f737417b

Analysis

max time kernel
152s
max time network
154s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
20/04/2023, 13:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

75b78c34d786976ae25aced96aa618a1.elf
Size

57KB
MD5

75b78c34d786976ae25aced96aa618a1
SHA1

cdc3d66db06b38ab5a94043c84d54c87afa2e42f
SHA256

3ffb3866e00de84b7d9272dcbad55efe84bd01a67599afaee35e9567f737417b
SHA512

a757998e7fade8baf3ee6f353df26195e944b299d0d4ec3f28239f6b8cfc93155ee7c7667623f65a2548a306f6123e2e10bf602027634b0285661881aa3c2d43
SSDEEP

1536:QBtq9fgL+3WT2HblbeWsfUOTVmmpNhUyklVSOOCq7Zw3P:h9fg63D7zsvVmmvxkiVZkP

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (92987) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/29/cmdline	/proc/29/cmdline	Process not Found
/proc/41/cmdline	/proc/41/cmdline	Process not Found
/proc/103/cmdline	/proc/103/cmdline	Process not Found
/proc/230/cmdline	/proc/230/cmdline	Process not Found
/proc/347/cmdline	/proc/347/cmdline	Process not Found
/proc/2/cmdline	/proc/2/cmdline	Process not Found
/proc/11/cmdline	/proc/11/cmdline	Process not Found
/proc/12/cmdline	/proc/12/cmdline	Process not Found
/proc/13/cmdline	/proc/13/cmdline	Process not Found
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/26/cmdline	/proc/26/cmdline	Process not Found
/proc/388/cmdline	/proc/388/cmdline	Process not Found
/proc/	/proc/	Process not Found
/proc/6/cmdline	/proc/6/cmdline	Process not Found
/proc/16/cmdline	/proc/16/cmdline	Process not Found
/proc/17/cmdline	/proc/17/cmdline	Process not Found
/proc/95/cmdline	/proc/95/cmdline	Process not Found
/proc/154/cmdline	/proc/154/cmdline	Process not Found
/proc/368/cmdline	/proc/368/cmdline	Process not Found
/proc/372/cmdline	/proc/372/cmdline	Process not Found
/proc/14/cmdline	/proc/14/cmdline	Process not Found
/proc/15/cmdline	/proc/15/cmdline	Process not Found
/proc/374/cmdline	/proc/374/cmdline	Process not Found
/proc/354/cmdline	/proc/354/cmdline	Process not Found
/proc/382/cmdline	/proc/382/cmdline	Process not Found
/proc/24/cmdline	/proc/24/cmdline	Process not Found
/proc/105/cmdline	/proc/105/cmdline	Process not Found
/proc/271/cmdline	/proc/271/cmdline	Process not Found
/proc/self/exe	/proc/self/exe	75b78c34d786976ae25aced96aa618a1.elf
/proc/22/cmdline	/proc/22/cmdline	Process not Found
/proc/28/cmdline	/proc/28/cmdline	Process not Found
/proc/228/cmdline	/proc/228/cmdline	Process not Found
/proc/233/cmdline	/proc/233/cmdline	Process not Found
/proc/3/cmdline	/proc/3/cmdline	Process not Found
/proc/8/cmdline	/proc/8/cmdline	Process not Found
/proc/132/cmdline	/proc/132/cmdline	Process not Found
/proc/370/cmdline	/proc/370/cmdline	Process not Found
/proc/19/cmdline	/proc/19/cmdline	Process not Found
/proc/131/cmdline	/proc/131/cmdline	Process not Found
/proc/74/cmdline	/proc/74/cmdline	Process not Found
/proc/376/cmdline	/proc/376/cmdline	Process not Found
/proc/9/cmdline	/proc/9/cmdline	Process not Found
/proc/10/cmdline	/proc/10/cmdline	Process not Found
/proc/42/cmdline	/proc/42/cmdline	Process not Found
/proc/43/cmdline	/proc/43/cmdline	Process not Found
/proc/225/cmdline	/proc/225/cmdline	Process not Found
/proc/304/cmdline	/proc/304/cmdline	Process not Found
/proc/4/cmdline	/proc/4/cmdline	Process not Found
/proc/5/cmdline	/proc/5/cmdline	Process not Found
/proc/363/cmdline	/proc/363/cmdline	Process not Found
/proc/23/cmdline	/proc/23/cmdline	Process not Found
/proc/144/cmdline	/proc/144/cmdline	Process not Found
/proc/345/cmdline	/proc/345/cmdline	Process not Found
/proc/356/cmdline	/proc/356/cmdline	Process not Found
/proc/380/cmdline	/proc/380/cmdline	Process not Found
/proc/7/cmdline	/proc/7/cmdline	Process not Found
/proc/276/cmdline	/proc/276/cmdline	Process not Found
/proc/207/cmdline	/proc/207/cmdline	Process not Found
/proc/378/cmdline	/proc/378/cmdline	Process not Found
/proc/386/cmdline	/proc/386/cmdline	Process not Found
/proc/18/cmdline	/proc/18/cmdline	Process not Found
/proc/25/cmdline	/proc/25/cmdline	Process not Found
/proc/285/cmdline	/proc/285/cmdline	Process not Found
/proc/306/cmdline	/proc/306/cmdline	Process not Found

/tmp/75b78c34d786976ae25aced96aa618a1.elf
/tmp/75b78c34d786976ae25aced96aa618a1.elf
1⤵
- Reads runtime system information
PID:351

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads