Analysis
max time kernel: 146s
max time network: 120s
platform: debian-9_mips
resource: debian9-mipsbe-20230831-en
resource tags: arch:mips image:debian9-mipsbe-20230831-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
submitted: 23-09-2023 20:09
Static task: static1
Behavioral task: behavioral1
Sample: softbot.mips.elf
Resource: debian9-mipsbe-20230831-en
debian-9-mips, 4 signatures, 150 seconds
General
Target: softbot.mips.elf
Size: 79KB
MD5: 7a2447eb4cc11565ae926d0aa75bfe3a
SHA1: 9bd7d0ddc5b469cd59ee09e35d6a34ac23480e70
SHA256: acf7bd2d231a075090b23bbe305ce4b3207bd5d0c88d7b9bbbf8fe8d5a54a1ff
SHA512: 42b221a42d0aa96b4861737da25148048e8c87651cbdb343e5877ea75ce9aa683affe675ff7b488746007844a1a449cd27947ac791f7cc23077a4a2268d1acec
SSDEEP: 1536:ppFcbuIhXI7RNt0cf35L7sgkc7Nw5TetYXkuI3h:pF0cf35L7sgkCNi5XkuS
Score: 7/10
Malware Config
Signatures
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc
File opened for modification | /dev/watchdog
File opened for modification | /dev/misc/watchdog
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.
description | ioc | process
File opened for modification | /etc/resolv.conf | softbot.mips.elf
Enumerates running processes
Discovers information about currently running processes on the system.
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.