Analysis
- max time kernel: 150s
- max time network: 153s
- platform: linux_mipsel
- resource: debian9-mipsel-en-20211208
- resource tags: arch:mipsel image:debian9-mipsel-en-20211208 kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system
- submitted: 02-05-2023 01:24
General
- Target: e049a4f5e8bccb9767124feb8a4eb55ab4715194630efabfa66ff929a3217cbf.elf
- Size: 44KB
- MD5: 42eca5af3ea9b13d88404974c1720197
- SHA1: 4caa835eefa6ad74817384123292814cad31149e
- SHA256: e049a4f5e8bccb9767124feb8a4eb55ab4715194630efabfa66ff929a3217cbf
- SHA512: 763e72ac779f305d64b135f5a4bcf6feba4dbc5274b51236a2447f8f7aeb2613be0fdd3593fd1f596b30736c04011b7ffea9077244900e3c7a4205ead8ce96ec
- SSDEEP: 768:fJS4GmW3BHKBa0BJXEALN5oSWgjYS62j5Zg3lyReMGXTUAiflWz:bGmqga0BJXEALNWghjaly0PTUAis
Malware Config
- Extracted: mirai
- KYTON
Signatures
- Contacts a large (112444) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Writes file to system bin folder (1 TTPs, 1 IoCs)
- Changes its process name (1 IoCs)
  Processes: e049a4f5e8bccb9767124feb8a4eb55ab4715194630efabfa66ff929a3217cbf.elf
  description: Changes the process name, possibly in an attempt to hide itself
  ioc: R8u7fV7Ap777
  pid: 329
  process: e049a4f5e8bccb9767124feb8a4eb55ab4715194630efabfa66ff929a3217cbf.elf
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from /proc virtual filesystem.
  Processes:
  description: File opened for reading
  ioc: /proc/net/tcp
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
  Processes:
  description: File opened for reading
  ioc: /proc/net/tcp
- Reads runtime system information (1 IoCs)
  Reads data from /proc virtual filesystem.
  Processes:
  description: File opened for reading
  ioc: /proc/333/exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/329-1-0x00400000-0x00463f7c-memory.dmp