Analysis
- max time kernel: 124s
- max time network: 160s
- platform: debian-9_mips
- resource: debian9-mipsbe-20221111-en
- resource tags: arch:mips, image:debian9-mipsbe-20221111-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 11-05-2023 18:51
General
- Target: SecuriteInfo.com.Trojan.Linux.Generic.298766.32725.20286.elf.bin
- Size: 26KB
- MD5: 5e049ed7c60e7e05104d1d654161d868
- SHA1: b92ecbbdd86b5197aef0752bed2bf959803298f1
- SHA256: e61207e0bc6e69fd28d17073fb08256bc288be9ce949760dc0758d81447ed2d7
- SHA512: 6a8b0d4077ffba105d765ec326e8e8ff62492b4753559b80ff3f79c9533a06d8075e863f161638d62cf8ce0802c8820c2c32b53aff70ae52f888d79e31b292be
- SSDEEP: 768:WUnnuN5h5MO30lW1YhtXhWMbOiJgGlzDpbuR1JP:WUnurjMOLYLhWanVJuZ
Malware Config
Signatures
- Contacts a large (80678) number of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large number of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Changes its process name (1 IoCs)
  Processes: SecuriteInfo.com.Trojan.Linux.Generic.298766.32725.20286.elf.bin
    description: Changes the process name, possibly in an attempt to hide itself
    ioc: /var/Sofia
    pid: 337
    process: SecuriteInfo.com.Trojan.Linux.Generic.298766.32725.20286.elf.bin
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from the /proc virtual filesystem.
  Processes: SecuriteInfo.com.Trojan.Linux.Generic.298766.32725.20286.elf.bin
    description: File opened for reading
    ioc: /proc/net/tcp
    process: SecuriteInfo.com.Trojan.Linux.Generic.298766.32725.20286.elf.bin
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses the contents of the /proc filesystem to enumerate network settings.
  Processes: SecuriteInfo.com.Trojan.Linux.Generic.298766.32725.20286.elf.bin
    description: File opened for reading
    ioc: /proc/net/tcp
    process: SecuriteInfo.com.Trojan.Linux.Generic.298766.32725.20286.elf.bin
- Reads runtime system information (64 IoCs)
  Reads data from the /proc virtual filesystem.
  Processes:
    description: File opened for reading
    ioc: /proc/<pid>/cmdline for the 64 pids 338, 356, 3, 227, 82, 292, 2, 4, 18, 104, 145, 228, 345, 14, 75, 76, 22, 24, 23, 37, 139, 223, 332, 335, 10, 19, 344, 352, 16, 17, 36, 71, 8, 13, 303, 336, 74, 77, 371, 6, 7, 21, 115, 224, 5, 12, 254, 69, 215, 11, 15, 81, 114, 155, 1, 9, 258, 261, 290, 333, 79, 252, 73, 284
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
- memory/337-1-0x00400000-0x004508f0-memory.dmp