Analysis
  max time kernel: 151s
  max time network: 150s
  platform: debian-9_armhf
  resource: debian9-armhf-20231201-en
  resource tags: arch:armhf, image:debian9-armhf-20231201-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  submitted: 11-12-2023 02:13
Behavioral task: behavioral1
  Sample: 778771ce3fa307b581377e54b181719e28294e4d57e04b2e222e342bcf4ca73b.elf
  Resource: debian9-armhf-20231201-en
General
  Target: 778771ce3fa307b581377e54b181719e28294e4d57e04b2e222e342bcf4ca73b.elf
  Size: 46KB
  MD5: 7afe8d0b711c5ce2bd18aa61bbaa9351
  SHA1: 12ac57e84bed5855bf6267596084977b4b9ca19f
  SHA256: 778771ce3fa307b581377e54b181719e28294e4d57e04b2e222e342bcf4ca73b
  SHA512: 71933c6fa03f62aab71d0a18fe9b0f2dea752cdf764abfdd1707ccd41582f61c6cfe8beffe6335203ecd9063b56c796f47cb8c167d22a24067338341d1d24fc6
  SSDEEP: 768:ndG6b+M+u/QIchiRa4DlvhrfJjStAzKdPT4XAcR4eb6uMFNHqqIQdfLZGl/7XR9:ndRbl/hTnrUtAmRcRbmuM+qr4TR9
Malware Config
Signatures
  File deleted: /var/log/audit/audit.log (the heading and description for this signature are not captured on the page)

  Deletes system logs (1 TTP, 2 IoCs)
    Deletes the log files that hold global system messages. Adversaries delete system logs to minimize their footprint.
    File deleted: /var/log/syslog
    File deleted: /var/log/messages

  Modifies Watchdog functionality (1 TTP, 2 IoCs)
    Malware such as Mirai opens the watchdog device and changes its settings so that the hardware watchdog does not reboot the infected system.
    File opened for modification: /dev/watchdog
    File opened for modification: /dev/misc/watchdog

  Writes DNS configuration (1 TTP, 1 IoC)
    Writes data to the DNS resolver configuration file.
    File opened for modification: /etc/resolv.conf (process: 778771ce3fa307b581377e54b181719e28294e4d57e04b2e222e342bcf4ca73b.elf)

  Deletes log files (1 TTP, 2 IoCs)
    Deletes log files on the system.
    File deleted: /var/log/daemon.log
    File deleted: /var/log/kern.log

  Enumerates running processes
    Discovers information about the processes currently running on the system.

  Reads runtime system information (64 IoCs)
    Reads data from the /proc virtual filesystem.
    File opened for reading: /proc/self/exe (process: 778771ce3fa307b581377e54b181719e28294e4d57e04b2e222e342bcf4ca73b.elf)
    File opened for reading: /proc/<pid>/cmdline for pid 2 to 29 (28 IoCs; process: Process not Found)
    File opened for reading: /proc/<pid>/maps for pid 1 to 3, 5 to 16, 18 to 29, 41 to 43, 80, 102, 110, 112 and 113 (35 IoCs; process: Process not Found)
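The IoC lines above are what an analyst usually wants to triage automatically: which file events map to which behaviour signature, and whether the /proc reads amount to a process sweep rather than a one-off self-check. The following is an added example, not the sandbox's own signature engine; the event lines are constructed to mirror the report's "action path [process]" entries, the category rules approximate the report's signature names (the audit.log deletion is folded under "Deletes log files" because its heading is not on the page), and the threshold of five distinct PIDs for calling the activity process enumeration is an assumption.

```python
"""Classify sandbox file-event IoCs into the behaviour signatures used in the report.
Added example; not part of the sandbox's code. The categories approximate the
report's signature names and the enumeration threshold is an assumption."""
import re
from collections import defaultdict

SAMPLE = "778771ce3fa307b581377e54b181719e28294e4d57e04b2e222e342bcf4ca73b.elf"

# Constructed sample events in the report's "<action> <path> [<process>]" shape.
SAMPLE_EVENTS = (
    [
        "File deleted /var/log/audit/audit.log",
        "File deleted /var/log/syslog",
        "File deleted /var/log/messages",
        "File deleted /var/log/daemon.log",
        "File deleted /var/log/kern.log",
        "File opened for modification /dev/watchdog",
        "File opened for modification /dev/misc/watchdog",
        f"File opened for modification /etc/resolv.conf {SAMPLE}",
        f"File opened for reading /proc/self/exe {SAMPLE}",
    ]
    + [f"File opened for reading /proc/{pid}/maps Process not Found" for pid in (1, 2, 3, 5, 6, 7, 8)]
    + [f"File opened for reading /proc/{pid}/cmdline Process not Found" for pid in (2, 3, 4, 5, 6, 7, 8)]
)

_EVENT_RE = re.compile(
    r"^(File deleted|File opened for modification|File opened for reading) (\S+)(?: (.+))?$"
)
_PROC_RE = re.compile(r"^/proc/(\d+|self)/(maps|cmdline|exe)$")

SYSTEM_LOGS = {"/var/log/syslog", "/var/log/messages"}
WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/misc/watchdog"}
# Assumption: maps/cmdline reads for this many distinct PIDs count as enumeration.
ENUMERATION_THRESHOLD = 5


def parse_event(line):
    """Split one IoC line into (action, path, process); process is None when absent."""
    m = _EVENT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised event line: {line!r}")
    return m.group(1), m.group(2), m.group(3)


def classify(lines):
    """Map signature names to the IoC paths that triggered them."""
    hits = defaultdict(list)
    scanned_pids = set()
    for line in lines:
        action, path, _process = parse_event(line)
        if action == "File deleted" and path in SYSTEM_LOGS:
            hits["Deletes system logs"].append(path)
        elif action == "File deleted" and path.startswith("/var/log/"):
            hits["Deletes log files"].append(path)
        elif action == "File opened for modification" and path in WATCHDOG_DEVICES:
            hits["Modifies Watchdog functionality"].append(path)
        elif action == "File opened for modification" and path == "/etc/resolv.conf":
            hits["Writes DNS configuration"].append(path)
        elif action == "File opened for reading":
            pm = _PROC_RE.match(path)
            if pm:
                hits["Reads runtime system information"].append(path)
                # Only reads of *other* processes' maps/cmdline indicate a sweep.
                if pm.group(1) != "self" and pm.group(2) in ("maps", "cmdline"):
                    scanned_pids.add(int(pm.group(1)))
    if len(scanned_pids) >= ENUMERATION_THRESHOLD:
        hits["Enumerates running processes"] = sorted(scanned_pids)
    return dict(hits)


def proc_scan_summary(lines):
    """Return {proc file: sorted PIDs} for the /proc/<pid>/{maps,cmdline} reads."""
    by_file = defaultdict(set)
    for line in lines:
        action, path, _process = parse_event(line)
        pm = _PROC_RE.match(path) if action == "File opened for reading" else None
        if pm and pm.group(1) != "self":
            by_file[pm.group(2)].add(int(pm.group(1)))
    return {name: sorted(pids) for name, pids in by_file.items()}


if __name__ == "__main__":
    for sig, iocs in classify(SAMPLE_EVENTS).items():
        print(f"{sig}: {len(iocs)} IoC(s)")
    print(proc_scan_summary(SAMPLE_EVENTS))
```

Splitting the /proc reads by file (maps versus cmdline) and by PID, as proc_scan_summary does, is what distinguishes a self-check such as /proc/self/exe from a sweep over every PID on the box; on a real host the same rules can be fed from auditd or inotify file events instead of constructed lines.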