General

  • Target

    0d00bce2a79e6a108b0db39da3e91673.bin

  • Size

    38KB

  • Sample

    230711-kamkqagg3x

  • MD5

    f7a071e8be2b7e127bc437baa3d89eb8

  • SHA1

    e8733c314ad0b4258a7e22f0ed7b6f8064335824

  • SHA256

    5e79c4a110ac7a0782437ce049fcc14da7ce9480f536b8c4c2065a2141eb66c5

  • SHA512

    aad11e1e55640652f71bd4af7e9e8fee83dc54c75afe145fcf8ff4190e13e4dd6c5f574965a5105c0d7228f99e0c550cea9ac0d7f9329a7d346641330e27afca

  • SSDEEP

    768:Ce7nuTN9cH1SgfA46YSM0+jWpKahMk8ErhybTBwAmTUrdcdY:tuTN9cVW46YM5kahMWATBwAeqdCY

Malware Config

Targets

    • Target

      7cd409e343d4d472da9184af96659b5b6a8f05d81ee3e2b3f3b938a445ea108c.elf

    • Size

      110KB

    • MD5

      0d00bce2a79e6a108b0db39da3e91673

    • SHA1

      265d82de64fd23ae40186bd11745bac73b123561

    • SHA256

      7cd409e343d4d472da9184af96659b5b6a8f05d81ee3e2b3f3b938a445ea108c

    • SHA512

      66ec8f343e7c9756b55e93c757ff74e5ac7803ce088c94e3c6adf7d5c74f5ed262c8d45bb0935cac5f71697d1309cddb379f7a039c7b9691218b7837dbd61799

    • SSDEEP

      1536:xaDqvnSTeH/Xp5TvyeMgQdqaJjFrBNxWPah5A4:xaQSq/Xp5rCgAqaJjFrBNxGah5A4

    • Contacts a large (481067) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies password files for system users/groups

      Modifies files storing password hashes of existing users/groups, likely to grant additional privileges.

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to system bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v6

Tasks