efa18a1f2e4958cb72beb9b02662dc674467af4dbf74eef433922150aaecfbbc

Analysis

max time kernel
0s
platform
debian-9_mipsel
resource
debian9-mipsel-20221111-en
resource tags

arch:mipselimage:debian9-mipsel-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
09/07/2023, 17:16

Sharing

Copy URL

Twitter E-mail

Reason

Reading agent response: read tcp 10.127.0.1:60966->10.127.0.137:8000: read: connection timed out

Report Analysis Logs

General

Target

mipsel-20230709-1715.elf
Size

119KB
MD5

9ee98d28e34951c3981bc3337102b8be
SHA1

fa5eca18bb2f2b21c2d8622fbd5c4592eea6df5a
SHA256

efa18a1f2e4958cb72beb9b02662dc674467af4dbf74eef433922150aaecfbbc
SHA512

371c50668b572b92ba3121049bd861cdc04a65bfe042227666072bcd39c11de01f0ffdf1203ff004c1574ab54b4b9a1c8043847d0a5b0c788b4a936bdc986594
SSDEEP

3072:evhg2bAxoWMuFFt3/PAYbBKCSwB5O1i4I94:Ah/bAxPFt3dYCSwB5O1PI94

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
336	mipsel-20230709-1715.elf

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc
File opened for modification	/dev/watchdog
File opened for modification	/dev/misc/watchdog

Writes file to system bin folder 1 TTPs 1 IoCs

Hijack Execution Flow

T1574

description	ioc
File opened for modification	/bin/watchdog

/tmp/mipsel-20230709-1715.elf
/tmp/mipsel-20230709-1715.elf
1⤵
- Deletes itself
PID:336

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads