Analysis
max time kernel
150s
max time network
155s
platform
debian-9_mips
resource
debian9-mipsbe-20221111-en
resource tags
arch:mips, image:debian9-mipsbe-20221111-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted
01-05-2023 01:33
General
Target
828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758.elf
Size
29KB
MD5
532d634e636df94d048ffe5d14070515
SHA1
79a02c1a8c9fc711c839d4b2a42609f715d3a2dd
SHA256
828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758
SHA512
ca909cf74d8136d1fe4fc6520398278fa4e47d39e522866737e80d40e6b9468b4a57c262a9089a7b83d8a13bbcb81882d59517b17159668be66731cdd1b5f719
SSDEEP
768:LK6ZNaTDl14+35/uPg6f3+1IisZMUzltx+HnhmyJgGlzDpbuR1Jd:L1CDn4+3MY6ftiFUht8Hs2VJu/
Malware Config
Extracted
mirai
UNST
Signatures
Contacts a large (60786) number of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
Creates a large number of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system. In the public Mirai source this is done by opening /dev/watchdog or /dev/misc/watchdog and issuing the WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD; the report does not show which device path this sample used.
Enumerates active TCP sockets 1 TTPs 2 IoCs
Gets active TCP sockets from the /proc virtual filesystem.
Processes:
description             | ioc           | process
File opened for reading | /proc/net/tcp | 828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758.elf
File opened for reading | /proc/net/tcp | 828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758.elf
Reads system network configuration 1 TTPs 2 IoCs
Uses contents of the /proc filesystem to enumerate network settings. The two IoCs are the same /proc/net/tcp reads that triggered the signature above.
Processes:
description             | ioc           | process
File opened for reading | /proc/net/tcp | 828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758.elf
File opened for reading | /proc/net/tcp | 828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758.elf
Reads runtime system information 25 IoCs
Reads data from the /proc virtual filesystem (24 reads of /proc/<pid>/fd across the running processes, plus one read of /proc/347/exe).
Processes:
description             | ioc
File opened for reading | /proc/215/fd
File opened for reading | /proc/252/fd
File opened for reading | /proc/254/fd
File opened for reading | /proc/284/fd
File opened for reading | /proc/290/fd
File opened for reading | /proc/304/fd
File opened for reading | /proc/342/fd
File opened for reading | /proc/139/fd
File opened for reading | /proc/155/fd
File opened for reading | /proc/223/fd
File opened for reading | /proc/224/fd
File opened for reading | /proc/227/fd
File opened for reading | /proc/228/fd
File opened for reading | /proc/258/fd
File opened for reading | /proc/303/fd
File opened for reading | /proc/1/fd
File opened for reading | /proc/347/fd
File opened for reading | /proc/349/fd
File opened for reading | /proc/338/fd
File opened for reading | /proc/332/fd
File opened for reading | /proc/348/fd
File opened for reading | /proc/353/fd
File opened for reading | /proc/347/exe
File opened for reading | /proc/292/fd
File opened for reading | /proc/344/fd
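The two /proc/net/tcp reads and the sweep of /proc/<pid>/fd above are the pattern of one lookup: find the socket inode bound to a port of interest in /proc/net/tcp, then walk every /proc/<pid>/fd directory reading symlinks until one points at socket:[inode], which names the owning PID. The public Mirai source performs exactly this in its killer module to locate and kill whatever is listening on telnet (23), SSH (22) and HTTP (80). The script below is an added example, not part of the sandbox report or of the sample; it reproduces the lookup as a defender-side tool. The /proc/net/tcp text and the fake /proc tree (PIDs 1001 and 1002, inodes 12345 to 12347) are constructed so it runs offline; pass "/proc" as the root to run it on a live Linux host.

```python
"""Correlate LISTEN sockets in /proc/net/tcp with the PIDs that hold them.

Added example: the same inode-to-PID lookup Mirai's killer module does when
it reads /proc/net/tcp and then walks /proc/<pid>/fd. Fixture data below is
constructed; it is not taken from the analysed sample.
"""
import os
import re
import tempfile

TCP_LISTEN = "0A"  # state column value for a listening socket

# Constructed /proc/net/tcp excerpt: telnet and ssh listeners, one
# established HTTP connection (state 01) that must NOT be reported.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0050 0200007F:D2A1 01 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 20 4 30 10 -1
"""


def parse_proc_net_tcp(text, little_endian=True):
    """Return [(ip, port, inode)] for every LISTEN row in /proc/net/tcp text.

    The kernel prints the IPv4 address as one 32-bit hex word in host byte
    order, so on little-endian hosts the octets appear reversed; the MIPS
    big-endian image in this report would print them in network order.
    """
    listeners = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        local, state, inode = fields[1], fields[3], fields[9]
        if state != TCP_LISTEN:
            continue
        ip_hex, port_hex = local.split(":")
        octets = [int(ip_hex[i:i + 2], 16) for i in range(0, 8, 2)]
        if little_endian:
            octets.reverse()
        listeners.append((".".join(map(str, octets)), int(port_hex, 16), int(inode)))
    return listeners


def socket_owners(proc_root, inodes):
    """Map socket inode -> set of PIDs whose fd table references it.

    This is the /proc/<pid>/fd sweep the sandbox logged: every numeric entry
    under proc_root is a PID, and each fd is a symlink such as socket:[12345].
    """
    owners = {ino: set() for ino in inodes}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or fd table not readable by us
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m and int(m.group(1)) in owners:
                owners[int(m.group(1))].add(int(entry))
    return owners


def find_listeners(proc_root, ports, little_endian=True):
    """Return {port: {pids}} for listeners on the given ports under proc_root."""
    with open(os.path.join(proc_root, "net", "tcp")) as f:
        rows = parse_proc_net_tcp(f.read(), little_endian)
    wanted = {ino: port for _ip, port, ino in rows if port in ports}
    owners = socket_owners(proc_root, wanted)
    return {wanted[ino]: pids for ino, pids in owners.items()}


def build_fake_proc(root):
    """Construct a minimal /proc look-alike for offline testing (fixture only)."""
    os.makedirs(os.path.join(root, "net"))
    with open(os.path.join(root, "net", "tcp"), "w") as f:
        f.write(SAMPLE_PROC_NET_TCP)
    # Hypothetical PIDs: 1001 holds the telnet listener, 1002 the ssh listener,
    # 1003 only the established HTTP connection.
    for pid, inode in ((1001, 12345), (1002, 12346), (1003, 12347)):
        fd_dir = os.path.join(root, str(pid), "fd")
        os.makedirs(fd_dir)
        os.symlink("/dev/null", os.path.join(fd_dir, "0"))
        os.symlink(f"socket:[{inode}]", os.path.join(fd_dir, "3"))


def demo():
    """Run the lookup against the constructed tree for Mirai's three ports."""
    with tempfile.TemporaryDirectory() as root:
        build_fake_proc(root)
        return find_listeners(root, {22, 23, 80})


if __name__ == "__main__":
    print(demo())
```

On a real host the same walk needs root to read other users' /proc/<pid>/fd, which is why the sample runs as a privileged process; an auditd watch on /proc/net/tcp opens paired with a burst of readlink calls across many /proc/<pid>/fd directories is a usable detection for this behaviour.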
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
memory/337-1-0x00400000-0x00457ca8-memory.dmp