Analysis
-
max time kernel
150s -
max time network
152s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20221111-en -
resource tags
arch:mipselimage:debian9-mipsel-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem -
submitted
04-05-2023 08:39
General
-
Target
3369acc01660b74efc9774aa78f721cf.elf
-
Size
31KB
-
MD5
3369acc01660b74efc9774aa78f721cf
-
SHA1
9ab21dd7a9f32677baa08fd0055ce3f9fceb7c6b
-
SHA256
0b0614254f3a570fe40d3621b4bc09fa08e5710173747a56f9c316f0fa2dbde7
-
SHA512
4d7b4495868fac5cc3ce4a725287466d26969d311932a31fc4d668481705731e165e47d4f2e7f56cd5a6267208406d3a0fcc52d049b41efa3677fd3ad7af20c4
-
SSDEEP
384:/n6Ppdqf3I54hJulN7s1kNYTA/fKiFs4V9B6f8Oj0bCwFtNKpugmZ2aVoCzTRWG0:P4YuDs1kNJ/fKiFUf8OGCgG5qogdW3l
Malware Config
Extracted
mirai
LZRD
Signatures
-
Contacts a large (19775) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
Processes:
description ioc File opened for reading /proc/net/tcp -
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
description ioc File opened for reading /proc/net/tcp -
Reads runtime system information 13 IoCs
Reads data from /proc virtual filesystem.
Processes:
description ioc File opened for reading /proc/218/fd File opened for reading /proc/230/fd File opened for reading /proc/232/fd File opened for reading /proc/251/fd File opened for reading /proc/1/fd File opened for reading /proc/158/fd File opened for reading /proc/206/fd File opened for reading /proc/217/fd File opened for reading /proc/252/fd File opened for reading /proc/257/fd File opened for reading /proc/138/fd File opened for reading /proc/332/exe File opened for reading /proc/329/exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/328-1-0x00400000-0x00456a28-memory.dmp