Resubmissions

23-04-2024 13:32

240423-qta9pagf6s 10

07-09-2023 13:24

230907-qnpvwsaa66 10

07-09-2023 13:24

230907-qnfbfsaa63 10

07-09-2023 13:23

230907-qm7djsaa59 10

07-09-2023 12:26

230907-pmkn4she9z 10

Analysis

  • max time kernel
    208s
  • max time network
    213s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20230831-en
  • resource tags

    arch:armhfimage:debian9-armhf-20230831-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    07-09-2023 12:26

General

  • Target

    f60b29cfb7eab3aeb391f46e94d4d8efadde5498583a2f5c71bd8212d8ae92da

  • Size

    276KB

  • MD5

    9a6e4b8a6ba5b4f5a408919d2c169d92

  • SHA1

    9b8523cbf0f3af49dbb1680d53c8fc9b2782bcfc

  • SHA256

    f60b29cfb7eab3aeb391f46e94d4d8efadde5498583a2f5c71bd8212d8ae92da

  • SHA512

    d5fd2334772c18729790ec25b5e3c0ace6353aaa853f60d7e55b13f9b88f49e1dec294c303abc3877894ee8a492fdd1d6a0b951405f1f5a021280ff1c1800670

  • SSDEEP

    6144:XkYUAmEjloym0V80hkRocENCP0RnYtGSoBmb4d3PCBElKb/0FaiFsXWxATqtEvcM:XkYUAmEjloym0V80hkRo/NCP0RnYtGSj

Score
9/10

Malware Config

Signatures

  • Contacts a large (36488) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Unexpected DNS network traffic destination 30 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/f60b29cfb7eab3aeb391f46e94d4d8efadde5498583a2f5c71bd8212d8ae92da
    /tmp/f60b29cfb7eab3aeb391f46e94d4d8efadde5498583a2f5c71bd8212d8ae92da
    1⤵
    • Changes its process name
    PID:363

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads