8b33823366ce20a7246f967e542555b976e1c966d414aa71785d08b1f2cb3572

Analysis

max time kernel
151s
max time network
154s
platform
debian-9_mipsel
resource
debian9-mipsel-20231215-en
resource tags

arch:mipselimage:debian9-mipsel-20231215-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
19-12-2023 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07ae2774caf546358cde3b9751dac02f
Size

89KB
MD5

07ae2774caf546358cde3b9751dac02f
SHA1

2dee08f7812fe7c8d4d1ba121a635e7344a5af9c
SHA256

8b33823366ce20a7246f967e542555b976e1c966d414aa71785d08b1f2cb3572
SHA512

6a8e20b24345c184a91f1d1df93d4c679a3cf2bdee2cec170ca1e99cc61cf87f8690ecf355adb2017ce1b3a553d95d7bdce38e26e19d0a8b68b7c1194d70fdf0
SSDEEP

1536:NYCYxrXP40ODJPwHRQ9PlzTRfyToNoZqKi:qCYxrKDJ46N7

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (20212) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc
File opened for modification	/dev/watchdog
File opened for modification	/dev/misc/watchdog

Enumerates active TCP sockets 1 TTPs 1 IoCs

Gets active TCP sockets from /proc virtual filesystem.

System Network Connections Discovery

T1049

description	ioc
File opened for reading	/proc/net/tcp

Enumerates running processes
Discovers information about currently running processes on the system

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc
File opened for reading	/proc/net/tcp

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/141/fd
File opened for reading	/proc/326/fd
File opened for reading	/proc/696/exe
File opened for reading	/proc/698/exe
File opened for reading	/proc/370/fd
File opened for reading	/proc/712/exe
File opened for reading	/proc/682/exe
File opened for reading	/proc/701/exe
File opened for reading	/proc/227/fd
File opened for reading	/proc/719/exe
File opened for reading	/proc/317/fd
File opened for reading	/proc/321/fd
File opened for reading	/proc/1/fd
File opened for reading	/proc/516/exe
File opened for reading	/proc/695/exe
File opened for reading	/proc/715/exe
File opened for reading	/proc/502/exe
File opened for reading	/proc/554/exe
File opened for reading	/proc/732/exe
File opened for reading	/proc/165/fd
File opened for reading	/proc/371/fd
File opened for reading	/proc/700/exe
File opened for reading	/proc/704/exe
File opened for reading	/proc/763/exe
File opened for reading	/proc/316/fd
File opened for reading	/proc/319/fd
File opened for reading	/proc/382/fd
File opened for reading	/proc/555/exe

/tmp/07ae2774caf546358cde3b9751dac02f
/tmp/07ae2774caf546358cde3b9751dac02f
1⤵
PID:710

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

System Network Configuration Discovery

T1016

System Network Connections Discovery

T1049

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads