Analysis

  • max time kernel
    300s
  • max time network
    310s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231026-en
  • resource tags
    arch:armhf
    image:debian9-armhf-20231026-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    12-11-2023 19:01

General

  • Target

    client

  • Size

    140KB

  • MD5

    472284537c1174b22469ef1bd90b0ca9

  • SHA1

    b0098427f841668a36ddc461a3e2caaf0f9acbb9

  • SHA256

    c267e0bf3f1a0448e66427d5863d762af7cd6cc7ff812e6addcd4e54d9a46ac9

  • SHA512

    afb89c8428051a75eeb917159f25cd775b1da666c1e73f2210119a04b20612aba1651407891b67a606b426b0f8af930b0187ea67422e55d41cbff20c26d117a8

  • SSDEEP

    3072:8jCWD/5pzLRcrTzt+wzp1wJmP/is8BYV2ZMH1lKgNWdUD:k3/3Rcrd+wUJmP/Nlc2VlKgQdUD

Score
7/10

Malware Config

Signatures

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Processes

  • /tmp/client
    /tmp/client
    1⤵
    • Modifies Watchdog functionality
    PID:658
    • /usr/local/sbin/iptables
      iptables -C OUTPUT -p tcp --tcp-flags RST RST -j DROP --sport 50000:55000
      2⤵
      PID:659
    • /usr/local/bin/iptables
      iptables -C OUTPUT -p tcp --tcp-flags RST RST -j DROP --sport 50000:55000
      2⤵
      PID:659
    • /usr/sbin/iptables
      iptables -C OUTPUT -p tcp --tcp-flags RST RST -j DROP --sport 50000:55000
      2⤵
      PID:659
    • /usr/bin/iptables
      iptables -C OUTPUT -p tcp --tcp-flags RST RST -j DROP --sport 50000:55000
      2⤵
      PID:659
    • /sbin/iptables
      iptables -C OUTPUT -p tcp --tcp-flags RST RST -j DROP --sport 50000:55000
      2⤵
      PID:659
    • /usr/local/sbin/iptables
      iptables -I OUTPUT -p tcp --tcp-flags RST RST -j DROP --sport 50000:55000
      2⤵
      PID:672
    • /usr/local/bin/iptables
      iptables -I OUTPUT -p tcp --tcp-flags RST RST -j DROP --sport 50000:55000
      2⤵
      PID:672
    • /usr/sbin/iptables
      iptables -I OUTPUT -p tcp --tcp-flags RST RST -j DROP --sport 50000:55000
      2⤵
      PID:672
    • /usr/bin/iptables
      iptables -I OUTPUT -p tcp --tcp-flags RST RST -j DROP --sport 50000:55000
      2⤵
      PID:672
    • /sbin/iptables
      iptables -I OUTPUT -p tcp --tcp-flags RST RST -j DROP --sport 50000:55000
      2⤵
      PID:672

Network

MITRE ATT&CK Enterprise v15
