a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3

Analysis

max time kernel
152s
max time network
152s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
30-06-2023 12:26

Target

.i
Size

78KB
MD5

9b6c3518a91d23ed77504b5416bfb5b3
SHA1

0a2d170abbf5031566377b01431e3b82d342630a
SHA256

a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3
SHA512

b2b08d5d5e6c6708d88b793e9340a780d47b5dce61e0a3026b4cdea8a9e4cbf9824037255e4ea4a40fee5bce956485232376d4677ce72ccb6c7f00badd09956e
SSDEEP

1536:87vbq1lGAXSEYQjbChaAU2yU23M51DjZgSQAvcYkFtZTjzBht5:8D+CAXFYQChaAUk5ljnQssL

Score

7^/10

Changes its process name 1 IoCs

Processes:

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	telnetd	360	sh

Deletes itself 1 IoCs

Processes:

pid	Process
360	sh

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

Processes:

description	ioc	Process
File opened for modification	/dev/watchdog	.i
File opened for modification	/dev/misc/watchdog	.i

Enumerates active TCP sockets 1 TTPs 1 IoCs

Gets active TCP sockets from /proc virtual filesystem.

System Network Connections Discovery

Processes:

description	ioc
File opened for reading	/proc/net/tcp

Enumerates running processes
Discovers information about currently running processes on the system

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery

Processes:

description	ioc	Process
File opened for reading	/proc/net/route	.i

Reads system network configuration 1 TTPs 3 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

Processes:

description	ioc	Process
File opened for reading	/proc/net/route	.i
File opened for reading	/proc/net/tcp