Resubmissions
23-04-2024 13:32 240423-qta9pagf6s 10
07-09-2023 13:24 230907-qnpvwsaa66 10
07-09-2023 13:24 230907-qnfbfsaa63 10
07-09-2023 13:23 230907-qm7djsaa59 10
07-09-2023 12:26 230907-pmkn4she9z 10
Analysis
max time kernel: 208s
max time network: 213s
platform: debian-9_armhf
resource: debian9-armhf-20230831-en
resource tags: arch:armhf image:debian9-armhf-20230831-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted: 07-09-2023 12:26
Behavioral task: behavioral1
Sample: 03254e6240c35f7d787ca5175ffc36818185e62bdfc4d88d5b342451a747156d
Resource: debian9-armhf-20230831-en
Behavioral task: behavioral2
Sample: f60b29cfb7eab3aeb391f46e94d4d8efadde5498583a2f5c71bd8212d8ae92da
Resource: debian9-armhf-20230831-en
General
Target: f60b29cfb7eab3aeb391f46e94d4d8efadde5498583a2f5c71bd8212d8ae92da
Size: 276KB
MD5: 9a6e4b8a6ba5b4f5a408919d2c169d92
SHA1: 9b8523cbf0f3af49dbb1680d53c8fc9b2782bcfc
SHA256: f60b29cfb7eab3aeb391f46e94d4d8efadde5498583a2f5c71bd8212d8ae92da
SHA512: d5fd2334772c18729790ec25b5e3c0ace6353aaa853f60d7e55b13f9b88f49e1dec294c303abc3877894ee8a492fdd1d6a0b951405f1f5a021280ff1c1800670
SSDEEP: 6144:XkYUAmEjloym0V80hkRocENCP0RnYtGSoBmb4d3PCBElKb/0FaiFsXWxATqtEvcM:XkYUAmEjloym0V80hkRo/NCP0RnYtGSj
Malware Config
Signatures
Contacts a large (36488) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.
Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.
Changes its process name (1 IoCs)
Processes:
description: Changes the process name, possibly in an attempt to hide itself; ioc: imq2qa8psco0bt5i; pid: 363; process: f60b29cfb7eab3aeb391f46e94d4d8efadde5498583a2f5c71bd8212d8ae92da
Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
description: File opened for modification; ioc: /dev/watchdog
description: File opened for modification; ioc: /dev/misc/watchdog
Unexpected DNS network traffic destination (30 IoCs)
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Processes:
description: Destination IP; ioc: 46.239.223.80 (the same destination for all 30 IoCs)
Enumerates running processes
Discovers information about currently running processes on the system
Reads runtime system information (64 IoCs)
Reads data from /proc virtual filesystem.