General

  • Target

    6b83021aff7f7346a9ee2de629217b84.bin

  • Size

    41KB

  • Sample

    230711-mbsjgagc53

  • MD5

    9b8ec35b9b7f6919ea7a16c2c2e9e199

  • SHA1

    3d958cee8029b57eedc3b9e7dfc5269f52ebbbb2

  • SHA256

    162fc20137869b464c21e74b1d7688bff11b44bbe430565ccb8079ddf5191b7e

  • SHA512

    5df702ce9816b8aa4aa5b15558b314302b41f04b70827d9bfb8724ccaaef1d6b5ed0110b342b148e6a548306ab0e0cb40841c2f9d8f6186428f69336339c8cb1

  • SSDEEP

    768:FMpAWP0AJer9D3R4ltez6OM3SvaleJBZfxiVUQbWrXGlBCarBLG7mNdVCv2oRAqw:SpAPxD3qYz6af4JNrBqOCv2CAt

Targets

    • Target

      cfe2c47fb519b7d3383c8a0ac857b399960f04dfdc61a68a86592cb2ede5b471.elf

    • Size

      116KB

    • MD5

      6b83021aff7f7346a9ee2de629217b84

    • SHA1

      3c4eb69c00383c685d39ac0cd8586dda24b90b69

    • SHA256

      cfe2c47fb519b7d3383c8a0ac857b399960f04dfdc61a68a86592cb2ede5b471

    • SHA512

      b9b055266304db9f4b6a62b94d80707b7f8d4574bb54a95a2d99d6322d2af260177c1e8f77f9443f84192352acd5bb7c3345738a3571afef2e27cb3ce6d81862

    • SSDEEP

      3072:+vdX7QeSHi3yzdDfRdvv7iS3B5OR4jId4:g2eSHi3YDfRV7iS3B5ORCId4

    • Contacts a large number (107936) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies password files for system users/groups

      Modifies the files that store account and password-hash data for existing users/groups (on Linux, /etc/passwd, /etc/shadow and /etc/group), likely to grant additional privileges.

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai opens the hardware watchdog device (/dev/watchdog or /dev/misc/watchdog) and disables it with the WDIOC_SETOPTIONS ioctl (WDIOS_DISABLECARD), so that the device is not rebooted, and the memory-resident infection cleared, once the bot hogs the CPU and the watchdog is no longer fed.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Modifies init.d

      Adds or modifies a system service under /etc/init.d, likely for persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to system bin folder

    • Modifies Bash startup script
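
The scan and socket-enumeration verdicts above (a six-figure count of remote hosts, many network flows, TCP sockets read from /proc) can be reproduced on a live or captured Linux system by parsing /proc/net/tcp. The block below is an added example, not code from the sandbox or from the sample: it decodes the kernel's hex endpoint format (assuming a little-endian host, as on the x86/ARM devices such bots target) and flags fan-out to many distinct hosts on one port, which is what a service scan looks like from the socket table. The /proc/net/tcp excerpt, the 10.0.2.15 source address and the use of telnet port 23 are constructed sample data, not observations from this report.

```python
import socket
import struct
from collections import defaultdict

# Socket states as printed in the 'st' column of /proc/net/tcp (include/net/tcp_states.h).
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}


def decode_endpoint(field):
    """'0100007F:0277' -> ('127.0.0.1', 631).

    The kernel prints the IPv4 address as a 32-bit value in host byte order, so on a
    little-endian host the bytes appear reversed; the port is plain big-endian hex.
    """
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))  # assumes little-endian host
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return one dict per socket row; the first line of the file is a column header."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 8:
            continue
        rows.append({
            "local": decode_endpoint(f[1]),
            "remote": decode_endpoint(f[2]),
            "state": TCP_STATES.get(f[3], f[3]),
            "uid": int(f[7]),
        })
    return rows


def scan_indicators(rows, min_hosts=5):
    """Summarise outbound fan-out. Many distinct remote hosts on a single port, most
    of them still in SYN_SENT, is the signature of a scanner rather than of a client."""
    active = [r for r in rows if r["state"] != "LISTEN"]
    hosts_per_port = defaultdict(set)
    for r in active:
        hosts_per_port[r["remote"][1]].add(r["remote"][0])
    return {
        "distinct_remote_hosts": len({r["remote"][0] for r in active}),
        "syn_sent": sum(1 for r in active if r["state"] == "SYN_SENT"),
        "hosts_per_port": {p: len(h) for p, h in hosts_per_port.items()},
        "suspicious_ports": sorted(p for p, h in hosts_per_port.items() if len(h) >= min_hosts),
    }


# Constructed /proc/net/tcp excerpt (not taken from the sample): one telnet listener plus a
# burst of half-open connections from 10.0.2.15 to port 23 on different hosts, and one
# ordinary HTTPS session owned by uid 1000.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10001 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:C001 0500000A:0017 02 00000001:00000000 01:00000123 00000000     0        0 10002 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:C002 0600000A:0017 02 00000001:00000000 01:00000123 00000000     0        0 10003 1 0000000000000000 100 0 0 10 0
   3: 0F02000A:C003 1401A8C0:0017 02 00000001:00000000 01:00000123 00000000     0        0 10004 1 0000000000000000 100 0 0 10 0
   4: 0F02000A:C004 2B5E3FAC:0017 01 00000000:00000000 00:00000000 00000000     0        0 10005 1 0000000000000000 100 0 0 10 0
   5: 0F02000A:C005 1601A8C0:0017 02 00000001:00000000 01:00000123 00000000     0        0 10006 1 0000000000000000 100 0 0 10 0
   6: 0F02000A:C006 01010101:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 10007 1 0000000000000000 100 0 0 10 0
"""


def analyse_sample():
    """Run the parser and the fan-out heuristic over the constructed excerpt."""
    return scan_indicators(parse_proc_net_tcp(SAMPLE_PROC_NET_TCP))


if __name__ == "__main__":
    # On a live system: analyse open('/proc/net/tcp').read() instead of the constructed text.
    print(analyse_sample())
```

On a real infected device the same routine would be pointed at /proc/net/tcp directly; the threshold of five hosts is only for the toy excerpt, and in practice the telling signal is the ratio of SYN_SENT rows to established ones on the scanned port, plus the fact that the owning uid is 0.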

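The cron, init.d, rc-script, Bash-startup, system-bin and password-file verdicts above are all file-system changes, so the practical follow-up on a suspect device or an unpacked firmware image is a before/after inventory of exactly those paths. The block below is an added example, not the sandbox's or the sample's code: it hashes the watched locations, diffs two snapshots, and lists uid-0 accounts other than root in /etc/passwd. The list of watched paths is this example's assumption about where such persistence lands, and the "infection" it applies to a temporary fake root (a cron.d entry, an rc.local append, a hidden /bin/.x, an init.d script, a .bashrc append and a uid-0 "sysadm" user) is constructed to exercise the checks and is not taken from this sample.

```python
import hashlib
import tempfile
from pathlib import Path

# Locations the verdicts refer to, relative to a root so the same code can be pointed at a
# mounted firmware image or a live system ("/"). Assumed list, extend per target distro.
PERSISTENCE_PATHS = [
    "etc/passwd", "etc/shadow", "etc/group",
    "etc/crontab", "etc/cron.d", "etc/init.d", "etc/rc.local", "etc/rc.d",
    "etc/profile", "etc/bash.bashrc", "root/.bashrc", "root/.profile",
    "bin", "sbin", "usr/bin", "usr/sbin",
]


def snapshot(root):
    """Map relative path -> (sha256, mode) for every file under the watched locations."""
    root = Path(root)
    snap = {}
    for rel in PERSISTENCE_PATHS:
        p = root / rel
        if p.is_file():
            files = [p]
        elif p.is_dir():
            files = [f for f in p.rglob("*") if f.is_file()]  # rglob does include dotfiles
        else:
            continue
        for f in files:
            digest = hashlib.sha256(f.read_bytes()).hexdigest()
            snap[f.relative_to(root).as_posix()] = (digest, f.stat().st_mode & 0o777)
    return snap


def diff_snapshots(before, after):
    """Files added, removed, or changed in content or permission bits between two snapshots."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(k for k in before.keys() & after.keys() if before[k] != after[k]),
    }


def extra_root_accounts(passwd_text):
    """Usernames with uid 0 other than 'root': a classic way to grant additional privileges."""
    hits = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 3 and parts[2] == "0" and parts[0] != "root":
            hits.append(parts[0])
    return hits


def build_demo_root():
    """Constructed fixture: a minimal clean root, then the kinds of changes the verdicts describe."""
    root = Path(tempfile.mkdtemp())
    for d in ("etc/cron.d", "etc/init.d", "bin", "root"):
        (root / d).mkdir(parents=True)
    (root / "etc/passwd").write_text("root:x:0:0:root:/root:/bin/sh\nnobody:x:65534:65534::/:/bin/false\n")
    (root / "etc/shadow").write_text("root:*:19000:0:99999:7:::\n")
    (root / "etc/rc.local").write_text("#!/bin/sh\nexit 0\n")
    (root / "root/.bashrc").write_text("export PS1='\\u@\\h:\\w\\$ '\n")
    (root / "bin/busybox").write_bytes(b"\x7fELF constructed placeholder")
    before = snapshot(root)
    # Simulated post-infection state (constructed, not observed from the sample):
    (root / "etc/cron.d/update").write_text("* * * * * root /bin/.x\n")          # cron job
    with (root / "etc/rc.local").open("a") as f:
        f.write("/bin/.x &\n")                                                   # rc script
    (root / "bin/.x").write_bytes(b"\x7fELF constructed payload")                # file in bin
    (root / "etc/init.d/x").write_text("#!/bin/sh\n/bin/.x &\n")                 # init.d service
    with (root / "root/.bashrc").open("a") as f:
        f.write("/bin/.x &\n")                                                   # Bash startup
    with (root / "etc/passwd").open("a") as f:
        f.write("sysadm:x:0:0::/:/bin/sh\n")                                     # password file
    after = snapshot(root)
    return root, before, after


def run_demo():
    """Snapshot, infect, re-snapshot, and return the findings a responder would triage."""
    root, before, after = build_demo_root()
    report = diff_snapshots(before, after)
    report["extra_root_accounts"] = extra_root_accounts((root / "etc/passwd").read_text())
    return report


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Against a real device the "before" snapshot has to come from a known-good image of the same firmware version, since the infected system itself cannot be trusted to report its own state; the diff then tells you which of the sandbox's persistence verdicts actually landed on that unit.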