Analysis

max time kernel: 150s
max time network: 153s
platform: debian-9_armhf
resource: debian9-armhf-20221111-en
resource tags: arch:armhf, image:debian9-armhf-20221111-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 29/06/2023, 23:56
Behavioral task: behavioral1
Sample: 367-1-0x00008000-0x00027598-memory.dmp
Resource: debian9-armhf-20221111-en
General

Target: 367-1-0x00008000-0x00027598-memory.dmp
Size: 96KB
MD5: abcb0f5ed48b8f0adb7c984ed9fd6853
SHA1: e25919c5e91793eaefad7d1df488964dfae14f8f
SHA256: 3e3fc1f451a5846fe9aec489f4f242c11a7b2654b55931d326530456e2dba9f0
SHA512: 6c38c4bda6ac2254bae42624c2e9ee24e41b39cc4718a71d515969b451cfb15754775098c5d82a9e30bc84c9125eb603fde268f9ff94959755c79ee70fff232f
SSDEEP: 3072:3gr50T4fWX9Uj0kgjUYZlwCT/bsNumaWGCaiEngWB:A50T4fWX9Uj1alwCT/bYu1WGCaVRB

The target is a dumped memory region (the file name encodes a PID and an address range), so these hashes identify the dump, not the on-disk binary it was taken from.
Malware Config
Signatures
Contacts a large number (95920) of remote hosts [1 TTP]
This may indicate a network scan to discover remotely running services.

Creates a large number of network flows [1 TTP]
This may indicate a network scan to discover remotely running services.

Changes its process name [1 IoC]
Changes the process name, possibly in an attempt to hide itself.
  ioc: CT6jIJpHvbFfvHCoj7c88JFR
  pid: 353
  process: 367-1-0x00008000-0x00027598-memory.dmp
The new name looks like a random alphanumeric string rather than any expected daemon name; when hunting, compare the name in /proc/<pid>/comm or argv against the binary behind /proc/<pid>/exe.
Modifies Watchdog functionality [1 TTP, 2 IoCs]
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system. A bot that lives only in memory would be removed by the reboot a hardware watchdog triggers when the device stops responding, so disabling it keeps the infection alive.
  description: File opened for modification    ioc: /dev/watchdog
  description: File opened for modification    ioc: /dev/misc/watchdog
Enumerates active TCP sockets [1 TTP, 1 IoC]
Gets active TCP sockets from the /proc virtual filesystem.
  description: File opened for reading    ioc: /proc/net/tcp
Writes file to system bin folder [1 TTP, 1 IoC]
  description: File opened for modification    ioc: /bin/watchdog
The path carries the same watchdog name probed under /dev above; confirm whether anything was actually written to it before treating this as persistence.
Reads system network configuration [1 TTP, 1 IoC]
Uses contents of the /proc filesystem to enumerate network settings.
  description: File opened for reading    ioc: /proc/net/tcp
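Both of the preceding signatures come from the sample reading /proc/net/tcp. The following is an added example, not code from the sample, the sandbox, or Mirai, showing what a bot obtains from that file: it parses the kernel's hex-encoded socket table, decodes addresses and ports, lists the ports in LISTEN state, and maps a socket inode back to the PID holding it through /proc/<pid>/fd (the step that turns a port into a process to kill). The table lines in SAMPLE_PROC_NET_TCP are constructed; the column layout and state codes are the Linux kernel's, and the little-endian address decoding assumes a little-endian host such as armhf or x86.

```python
"""Parse /proc/net/tcp the way a Linux bot enumerating sockets does.

Added example; not code from the analysed sample or the sandbox.
"""
import os
import socket
import struct

# State codes from the 'st' column of /proc/net/tcp (include/net/tcp_states.h).
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV",
    0x04: "FIN_WAIT1", 0x05: "FIN_WAIT2", 0x06: "TIME_WAIT",
    0x07: "CLOSE", 0x08: "CLOSE_WAIT", 0x09: "LAST_ACK",
    0x0A: "LISTEN", 0x0B: "CLOSING",
}

# Constructed sample in the real file's layout: telnet and ssh listeners on all
# interfaces, an http listener on loopback, and one established ssh session.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0B01A8C0:0016 0A01A8C0:D431 01 00000000:00000000 02:00000A3C 00000000     0        0 12348 2 0000000000000000 20 4 30 10 -1
"""


def _decode_addr(hex_addr):
    """'0100007F:0050' -> ('127.0.0.1', 80).

    The kernel prints the IPv4 address as a 32-bit value in host byte order,
    so on a little-endian host it must be repacked little-endian before
    inet_ntoa sees it (assumption: little-endian host, as on armhf/x86).
    """
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return one dict per socket row; the header line is skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with an index like '0:'; the header starts with 'sl'.
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue
        local_ip, local_port = _decode_addr(fields[1])
        remote_ip, remote_port = _decode_addr(fields[2])
        entries.append({
            "local_ip": local_ip, "local_port": local_port,
            "remote_ip": remote_ip, "remote_port": remote_port,
            "state": TCP_STATES.get(int(fields[3], 16), "UNKNOWN"),
            "uid": int(fields[7]),
            "inode": int(fields[9]),
        })
    return entries


def listening_ports(entries):
    """Sorted list of local ports in LISTEN state."""
    return sorted({e["local_port"] for e in entries if e["state"] == "LISTEN"})


def sockets_on_ports(entries, ports):
    """Inodes of listening sockets bound to any of `ports`.

    A bot that wants a port for itself looks up these inodes, resolves them to
    PIDs (inode_to_pids) and kills the owners.
    """
    return [e["inode"] for e in entries
            if e["state"] == "LISTEN" and e["local_port"] in ports]


def inode_to_pids(inode, proc_root="/proc"):
    """PIDs whose fd table holds 'socket:[<inode>]'. Needs a live procfs."""
    target = "socket:[%d]" % inode
    pids = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        fd_dir = os.path.join(proc_root, name, "fd")
        try:
            for fd in os.listdir(fd_dir):
                try:
                    if os.readlink(os.path.join(fd_dir, fd)) == target:
                        pids.append(int(name))
                        break
                except OSError:
                    continue  # fd closed while we looked, or not ours to read
        except OSError:
            continue  # no permission for this process's fd table
    return pids


if __name__ == "__main__":
    ents = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    for e in ents:
        print("%s:%-5d -> %s:%-5d %s" % (e["local_ip"], e["local_port"],
                                         e["remote_ip"], e["remote_port"], e["state"]))
    print("listening:", listening_ports(ents))
    print("inodes on 22/23:", sockets_on_ports(ents, {22, 23}))
```

Running it against the real file (open("/proc/net/tcp").read()) on the analysis VM reproduces the enumeration the signature describes; the same parsing applied to /proc/net/tcp6 needs a 128-bit address decoder and is left out here.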
Reads runtime system information [1 IoC]
Reads data from the /proc virtual filesystem.
  description: File opened for reading    ioc: /proc/356/exe
PID 356 is not the sample's own process (pid 353 above), so this is a look-up of another process's executable path.