Analysis
- max time kernel: 151s
- max time network: 153s
- platform: linux_armhf
- resource: debian9-armhf-en-20211208
- resource tags: arch:armhf, image:debian9-armhf-en-20211208, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
- submitted: 28-04-2023 13:51
Behavioral task
behavioral1
Sample
botx.arm7.elf
Resource
debian9-armhf-en-20211208
debian-9-armhf
5 signatures
150 seconds
General
- Target: botx.arm7.elf
- Size: 128KB
- MD5: e10d33eceea63f342e57f3c261935b85
- SHA1: 0fbc5526132b457c98408190668ba364dfc80cdf
- SHA256: 288cee437e602a748418bb8dff7053f6268b85e192eb29805e92c45fc81209d7
- SHA512: 064a50771c0ee5120d0487a315b06fc5c106acd9cfe14a42d0be6f97e5cd61e91e3d31f9d3a2193af121648d2deb67886fd6d2c3d7c069ff6dc5c8f6dfabf5a7
- SSDEEP: 3072:4MHPSeIp13MJNgSHfFBrDKiKweeS1j6VM/94LmywPoIlq:4MHPSeO3SgSHfFBXKQ3S1AM/94LmywPg
Score
9/10
Malware Config
Signatures
- Contacts a large (47209) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder (1 TTPs, 1 IoCs)
- Changes its process name (1 IoCs)
  Processes: botx.arm7.elf
    description: Changes the process name, possibly in an attempt to hide itself
    ioc: f8rjr4roycltl6r22rqs
    pid: 355
    process: botx.arm7.elf