Analysis
max time kernel: 150s
max time network: 153s
platform: debian-9_mipsel
resource: debian9-mipsel-20231215-en
resource tags: arch:mipsel, image:debian9-mipsel-20231215-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 19-12-2023 22:22
Behavioral task: behavioral1
Sample: 0243e269ba76ba26860f05c98c3dee88
Resource: debian9-mipsel-20231215-en
General
Target: 0243e269ba76ba26860f05c98c3dee88
Size: 94KB
MD5: 0243e269ba76ba26860f05c98c3dee88
SHA1: 897c59e3c19cf619ceffb764acd94756f779ad59
SHA256: bea2c6c2bfa90fe73ff454c4e2a140eabdd51c44d5f91ea40574932a69996447
SHA512: a985f1adb3f234dfe8f5fe7cbe5040b45e6c7f9daed9f40f8338a46f9ef9f57f64976324e327b09c68054bd4705e1d182116c30cf9a541a6987e1770b0bc0936
SSDEEP: 1536:GntGB7XO1+NJTx/dGrpib3v78wUVO9q7:qtGB7XNJTNx8n7
Malware Config
Signatures
Contacts a large (10142) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description: ioc
File opened for modification: /dev/watchdog
File opened for modification: /dev/misc/watchdog
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
Reads runtime system information 19 IoCs
Reads data from /proc virtual filesystem.
description: ioc
File opened for reading: /proc/790/exe
File opened for reading: /proc/682/exe
File opened for reading: /proc/696/exe
File opened for reading: /proc/697/exe
File opened for reading: /proc/701/exe
File opened for reading: /proc/734/exe
File opened for reading: /proc/767/exe
File opened for reading: /proc/771/exe
File opened for reading: /proc/713/exe
File opened for reading: /proc/702/exe
File opened for reading: /proc/705/exe
File opened for reading: /proc/503/exe
File opened for reading: /proc/716/exe
File opened for reading: /proc/517/exe
File opened for reading: /proc/699/exe
File opened for reading: /proc/552/exe
File opened for reading: /proc/555/exe
File opened for reading: /proc/723/exe
File opened for reading: /proc/789/exe