Overview

overview

9

Static

static

1

armv7l-202...19.elf

debian-9-armhf

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    armv7l-20230709-1219.elf

  • Size

    166KB

  • Sample

    230709-phrlvsch84

  • MD5

    362d6cae2d3d3f23ed7a2e65b5a604c9

  • SHA1

    2b8b97b10e913572ff49eb48ae09da36d782dd84

  • SHA256

    d28df8812363a5217be8e13f17c07d528c0ddb1db65d077a4523de88c0bd46b1

  • SHA512

    46b9d584d06029bf73b2bf6fe63813eb6ab90c03c72406fdd3f4b8a36b0a0d383c16727e0492b56aa95327c6b33d323e7c907c4eecfa1004bf5ff1aaa7727611

  • SSDEEP

    3072:pZ8QrLmgXaIpDNajwaHlFvcMyzv5tOY/HXOu7JvgM/99Do4DiE+:EQryIVNajwaHlFNyzL/3Ou7J4M/9z+P

Score
9/10
discoverypersistence

Malware Config

Targets

    • Target

      armv7l-20230709-1219.elf

    • Size

      166KB

    • MD5

      362d6cae2d3d3f23ed7a2e65b5a604c9

    • SHA1

      2b8b97b10e913572ff49eb48ae09da36d782dd84

    • SHA256

      d28df8812363a5217be8e13f17c07d528c0ddb1db65d077a4523de88c0bd46b1

    • SHA512

      46b9d584d06029bf73b2bf6fe63813eb6ab90c03c72406fdd3f4b8a36b0a0d383c16727e0492b56aa95327c6b33d323e7c907c4eecfa1004bf5ff1aaa7727611

    • SSDEEP

      3072:pZ8QrLmgXaIpDNajwaHlFvcMyzv5tOY/HXOu7JvgM/99Do4DiE+:EQryIVNajwaHlFNyzL/3Ou7J4M/9z+P

    Score
    9/10
    discoverypersistence

    • Contacts a large (430382) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies password files for system users/ groups

      Modifies files storing password hashes of existing users/ groups, likely to grant additional privileges.

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      persistence

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

      persistence

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

      persistence

    • Writes file to system bin folder

    • Modifies Bash startup script

      persistence
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks