92148d03f4bcd0e1d3c40491417ddacc6950aa003de8be4ba75ef4f9d3bcd517

Analysis

max time kernel
151s
max time network
154s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
05/07/2023, 09:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

armv7l-20230705-0925.elf
Size

144KB
MD5

f1469bdd311d4540b5165e1bc5c12333
SHA1

12f6656d07c1472153b3dcbc86cf52b31f3b2758
SHA256

92148d03f4bcd0e1d3c40491417ddacc6950aa003de8be4ba75ef4f9d3bcd517
SHA512

6b4b445748214cf19618ce1fc31b9dc7274b31141b5567365ae436b7539e24bbb7538fc30249c9ddbbdadce8895c8bc53c1f51def1858f51b7ca63d2ee61b002
SSDEEP

3072:XpKCg2saKVaYuSLr5fAbosx9jQuC8wvjQWM/9qb+K9aZPX:XNgWYaYuSLr5f+osRhwvj1M/9qb+K9ad

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (147001) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Deletes itself 1 IoCs

pid	Process
367	armv7l-20230705-0925.elf

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc
File opened for modification	/dev/watchdog
File opened for modification	/dev/misc/watchdog

Writes file to system bin folder 1 TTPs 1 IoCs

Hijack Execution Flow

T1574

description	ioc
File opened for modification	/bin/watchdog

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/armv7l-20230705-0925.elf	armv7l-20230705-0925.elf

/tmp/armv7l-20230705-0925.elf
/tmp/armv7l-20230705-0925.elf
1⤵
- Deletes itself
- Writes file to tmp directory
PID:367

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Impair Defenses

T1562

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads