Analysis
max time kernel: 150s
max time network: 153s
platform: debian-9_mips
resource: debian9-mipsbe-20231215-en
resource tags: arch:mips, image:debian9-mipsbe-20231215-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 19-12-2023 22:37
Behavioral task: behavioral1
Sample: 189b4d7166cb8ae5e37cbe0aeb4be1dc
Resource: debian9-mipsbe-20231215-en
General
Target: 189b4d7166cb8ae5e37cbe0aeb4be1dc
Size: 74KB
MD5: 189b4d7166cb8ae5e37cbe0aeb4be1dc
SHA1: 50a6062a3e844f3bd60a5f1a94b5b5f01182210c
SHA256: 5e0d0c7d812f26c59201fee046b6ddf87aa975d33741415dc35c879fc7a5e17d
SHA512: 8145d8759cd484f585d58be0b6e54264cadf40c3a4a20dccd5ca366e557fcb4a036a5eb205be9f3e573c53399850a38608c11d17c467fa78647520ea930b5fcc
SSDEEP: 1536:sTG6uNvfRaM88GcgKPn35kWKvgRU+leiIOxRnSyk:sT76RaM8j5KPn35kvgRU+0vyk
Malware Config
Signatures
- Contacts a large number (42905) of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large number of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Changes its process name (1 IoC)
  Processes: 189b4d7166cb8ae5e37cbe0aeb4be1dc
  description | ioc | pid | process
  Changes the process name, possibly in an attempt to hide itself | telnetd | 716 | 189b4d7166cb8ae5e37cbe0aeb4be1dc
- Modifies Watchdog functionality (1 TTP, 2 IoCs)
  Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
  Processes:
  description | ioc
  File opened for modification | /dev/watchdog
  File opened for modification | /dev/misc/watchdog
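The two watchdog IoCs above record only that the device nodes were opened for writing; what actually disarms the watchdog is the ioctl that follows the open. The block below is an added example, not part of this report or of the sandbox's own signature logic: it rebuilds the WDIOC_* request numbers from <linux/watchdog.h> and flags a WDIOC_SETOPTIONS request carrying WDIOS_DISABLECARD on a watchdog fd in an strace-style trace. Because ioctl request numbers are encoded per architecture, the block checks both the generic layout (x86, ARM) and the MIPS layout used by this platform, so a detection keyed to the x86 value alone does not silently miss a MIPS run. The trace lines are constructed, not taken from the sample run.

```python
"""Decode watchdog ioctls in an strace-style trace.

Added example; the ioctl layouts follow asm/ioctl.h and the request numbers
follow <linux/watchdog.h>. SAMPLE_TRACE is constructed, not from the report.
"""
import re

# Bits of an ioctl request number: nr (8) | type (8) | size | dir. The generic
# layout (x86, ARM, ...) has 14 size bits and 2 dir bits; MIPS, PowerPC and
# SPARC have 13 size bits and 3 dir bits, so their dir field starts at bit 29.
IOCTL_LAYOUTS = {
    "generic": {"sizebits": 14, "read": 2},
    "mips": {"sizebits": 13, "read": 2},
}


def ior(type_char, nr, size, arch):
    """Mirror of the kernel's _IOR(type, nr, size) macro for one layout."""
    lay = IOCTL_LAYOUTS[arch]
    dirshift = 16 + lay["sizebits"]  # nr (8) + type (8) + size bits
    return (lay["read"] << dirshift) | (size << 16) | (ord(type_char) << 8) | nr


# Requests from <linux/watchdog.h> that take an int argument.
WATCHDOG_REQUESTS = {"WDIOC_SETOPTIONS": 4, "WDIOC_KEEPALIVE": 5}
WDIOS_DISABLECARD = 0x0001  # option flag: turn the watchdog timer off
WATCHDOG_PATHS = ("/dev/watchdog", "/dev/misc/watchdog")


def decode_watchdog_ioctl(cmd):
    """Return (request name, layout) if cmd is a known watchdog request."""
    for arch in IOCTL_LAYOUTS:
        for name, nr in WATCHDOG_REQUESTS.items():
            if cmd == ior("W", nr, 4, arch):
                return name, arch
    return None


_OPEN_RE = re.compile(r'^(?:open|openat)\((?:AT_FDCWD, )?"([^"]+)"[^)]*\) = (\d+)$')
_IOCTL_RE = re.compile(r'^ioctl\((\d+), (0x[0-9a-fA-F]+), \[(\d+)\]\) = ')


def scan_trace(lines):
    """Flag opens of watchdog devices and disable requests issued on those fds."""
    watchdog_fds = {}  # fd -> device path
    findings = []
    for line in lines:
        m = _OPEN_RE.match(line)
        if m:
            if m.group(1) in WATCHDOG_PATHS:
                watchdog_fds[int(m.group(2))] = m.group(1)
                findings.append(("open", m.group(1)))
            continue
        m = _IOCTL_RE.match(line)
        if not m or int(m.group(1)) not in watchdog_fds:
            continue
        decoded = decode_watchdog_ioctl(int(m.group(2), 16))
        if decoded and decoded[0] == "WDIOC_SETOPTIONS" and int(m.group(3)) & WDIOS_DISABLECARD:
            findings.append(("disable", watchdog_fds[int(m.group(1))], decoded[1]))
    return findings


# Constructed trace: the disable request once in the generic encoding and once
# in the MIPS encoding, plus an unrelated terminal ioctl that must not match.
SAMPLE_TRACE = [
    'open("/dev/watchdog", O_WRONLY) = 3',
    'ioctl(3, 0x80045704, [1]) = 0',
    'open("/dev/misc/watchdog", O_WRONLY) = 4',
    'ioctl(4, 0x40045704, [1]) = 0',
    'openat(AT_FDCWD, "/etc/hosts", O_RDONLY) = 5',
    'ioctl(5, 0x5401, 0x7fff0000) = -1 ENOTTY (Inappropriate ioctl for device)',
]

if __name__ == "__main__":
    for finding in scan_trace(SAMPLE_TRACE):
        print(*finding)
```

A legitimate watchdog daemon opens the same device and issues WDIOC_KEEPALIVE on a timer; the tell is WDIOC_SETOPTIONS with WDIOS_DISABLECARD from a process that is not the system's watchdog service.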
- Enumerates active TCP sockets (1 TTP, 1 IoC)
  Gets active TCP sockets from the /proc virtual filesystem.
  Processes:
  description | ioc
  File opened for reading | /proc/net/tcp
- Writes file to system bin folder (1 TTP, 2 IoCs)
  Processes:
  description | ioc
  File opened for modification | /sbin/watchdog
  File opened for modification | /bin/watchdog
- Reads system network configuration (1 TTP, 1 IoC)
  Uses contents of the /proc filesystem to enumerate network settings.
  Processes:
  description | ioc
  File opened for reading | /proc/net/tcp
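Both the "Enumerates active TCP sockets" and the "Reads system network configuration" signatures fire on the same read of /proc/net/tcp. The block below is an added example, not the sample's or the sandbox's code: it parses that file and counts the distinct remote hosts contacted on a port, the query a scanner or a killer module would make and the one a responder makes when triaging a box. The trap worth handling is byte order: the kernel prints the 32-bit addresses as a native word with %08X, so a dump taken on a big-endian MIPS host like this platform decodes differently from one taken on x86. The sample text is constructed in /proc/net/tcp format with big-endian addresses; nothing in it comes from the report.

```python
"""Parse /proc/net/tcp the way a bot or a responder would, with the byte-order
caveat handled.

Added example. SAMPLE_PROC_NET_TCP is constructed text in /proc/net/tcp format
as a big-endian MIPS host would print it; it is not output from the report.
"""
import ipaddress
from dataclasses import dataclass

# Socket states from include/net/tcp_states.h, as printed in the "st" column.
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV", 0x04: "FIN_WAIT1",
    0x05: "FIN_WAIT2", 0x06: "TIME_WAIT", 0x07: "CLOSE", 0x08: "CLOSE_WAIT",
    0x09: "LAST_ACK", 0x0A: "LISTEN", 0x0B: "CLOSING", 0x0C: "NEW_SYN_RECV",
}


@dataclass(frozen=True)
class TcpSocket:
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    uid: int
    inode: int


def parse_addr(field, byteorder):
    """Decode "AABBCCDD:PPPP". The address is the kernel's 32-bit word printed
    with %08X, so its bytes are in host order: a little-endian host prints
    127.0.0.1 as 0100007F, a big-endian one as 7F000001. The port is ntohs()'d
    before printing and needs no fix-up."""
    hex_ip, hex_port = field.split(":")
    raw = bytes.fromhex(hex_ip)
    if byteorder == "little":
        raw = raw[::-1]
    return str(ipaddress.IPv4Address(raw)), int(hex_port, 16)


def parse_proc_net_tcp(text, byteorder):
    """Return the TcpSocket rows of a /proc/net/tcp dump; byteorder is that of
    the host the dump was taken on ("big" for the MIPS BE platform here)."""
    sockets = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        lip, lport = parse_addr(f[1], byteorder)
        rip, rport = parse_addr(f[2], byteorder)
        state = TCP_STATES.get(int(f[3], 16), "UNKNOWN_" + f[3])
        sockets.append(TcpSocket(lip, lport, rip, rport, state, int(f[7]), int(f[9])))
    return sockets


def remote_hosts_on_port(sockets, port):
    """Distinct peers we have opened or are opening a connection to on `port`;
    a large set on 23/2323 is what the scan signatures above describe."""
    return {s.remote_ip for s in sockets
            if s.remote_port == port and s.state in ("SYN_SENT", "ESTABLISHED")}


SAMPLE_PROC_NET_TCP = "\n".join([
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode",
    "   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9876 1 00000000 100 0 0 10 0",
    "   1: 0A000205:E1B2 C0A80110:0017 01 00000000:00000000 00:00000000 00000000  1000        0 12345 1 00000000 20 4 30 10 -1",
    "   2: 0A000205:C0E4 C0A80111:0017 02 00000001:00000000 01:00000123 00000002  1000        0 12346 1 00000000 20 4 30 10 -1",
])

if __name__ == "__main__":
    rows = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP, "big")
    for s in rows:
        print(f"{s.local_ip}:{s.local_port} -> {s.remote_ip}:{s.remote_port} {s.state}")
    print("peers on 23:", sorted(remote_hosts_on_port(rows, 23)))
```

Decoding the same text with byteorder="little" turns 192.168.1.16 into 16.1.168.192, which is how a dump copied off a MIPS device and parsed on an x86 analyst box ends up pointing at the wrong networks.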
- Reads runtime system information (31 IoCs)
  Reads data from the /proc virtual filesystem.
  Processes:
  description | ioc
  File opened for reading | /proc/512/exe
  File opened for reading | /proc/512/maps
  File opened for reading | /proc/525/exe
  File opened for reading | /proc/525/maps
  File opened for reading | /proc/559/exe
  File opened for reading | /proc/559/maps
  File opened for reading | /proc/560/exe
  File opened for reading | /proc/560/maps
  File opened for reading | /proc/687/exe
  File opened for reading | /proc/687/maps
  File opened for reading | /proc/700/exe
  File opened for reading | /proc/700/maps
  File opened for reading | /proc/701/exe
  File opened for reading | /proc/701/maps
  File opened for reading | /proc/703/exe
  File opened for reading | /proc/703/maps
  File opened for reading | /proc/705/exe
  File opened for reading | /proc/705/maps
  File opened for reading | /proc/706/exe
  File opened for reading | /proc/706/maps
  File opened for reading | /proc/709/exe
  File opened for reading | /proc/709/maps
  File opened for reading | /proc/718/exe
  File opened for reading | /proc/718/maps
  File opened for reading | /proc/719/maps
  File opened for reading | /proc/720/exe
  File opened for reading | /proc/720/maps
  File opened for reading | /proc/722/exe
  File opened for reading | /proc/722/maps
  File opened for reading | /proc/743/exe
  File opened for reading | /proc/743/maps
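Two of the signatures above belong together: the sample renamed itself to telnetd (pid 716), and it then swept /proc/PID/exe and /proc/PID/maps across other processes. The same two files let a defender see through the borrowed name. /proc/PID/comm is set from the binary name at exec but can be rewritten with prctl(PR_SET_NAME), and an overwritten argv[0] only changes /proc/PID/cmdline; readlink on /proc/PID/exe still points at the real binary. The block below is an added example, not from the sandbox or the sample, that checks a process snapshot for a comm that does not match the executable, an executable unlinked after start, and execution from a writable directory. The snapshot is constructed: pid 716 with comm telnetd mirrors the report's IoC, but the /tmp/sample.elf path and the other processes are hypothetical. snapshot_from_proc() builds the same records from a live /proc.

```python
"""Spot a process hiding behind a borrowed name using /proc/PID/comm and
/proc/PID/exe.

Added example. SAMPLE_SNAPSHOT is constructed: pid 716 / "telnetd" mirrors the
report's IoC, but the /tmp/sample.elf path is hypothetical, not from the run.
"""
import os
from dataclasses import dataclass, field

# Places a long-running daemon should not be executing from.
WRITABLE_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/dev/", "/run/")
TASK_COMM_LEN = 16  # comm holds at most 15 bytes plus NUL


@dataclass
class ProcInfo:
    pid: int
    comm: str                 # /proc/PID/comm: set at exec, rewritable via prctl(PR_SET_NAME)
    exe: str                  # readlink(/proc/PID/exe); "" if unreadable (kernel thread, EPERM)
    cmdline: list = field(default_factory=list)  # /proc/PID/cmdline; argv[0] can be overwritten


def check_process(p):
    """Reasons the process name looks borrowed; empty list if nothing stands out."""
    if not p.exe:
        return []  # nothing to compare comm against
    reasons = []
    path = p.exe
    if path.endswith(" (deleted)"):  # binary unlinked after exec, common for droppers
        reasons.append("executable unlinked after start")
        path = path[: -len(" (deleted)")]
    if path.startswith(WRITABLE_PREFIXES):
        reasons.append("runs from writable location " + os.path.dirname(path))
    # comm is the exe basename truncated to 15 bytes unless changed; tolerate
    # versioned interpreters (comm "python3", exe python3.5) with a prefix test.
    exe_base = os.path.basename(path)
    if not exe_base[: TASK_COMM_LEN - 1].startswith(p.comm[: TASK_COMM_LEN - 1]):
        reasons.append(f"name {p.comm!r} does not match executable {exe_base!r}")
    return reasons


def name_spoof_candidates(procs):
    """Map pid -> reasons for every process that check_process() flags."""
    out = {}
    for p in procs:
        reasons = check_process(p)
        if reasons:
            out[p.pid] = reasons
    return out


def snapshot_from_proc(proc="/proc"):
    """Build ProcInfo records from a live /proc (root needed to readlink exe of
    other users' processes; unreadable entries get exe="")."""
    procs = []
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        base = os.path.join(proc, entry)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().rstrip("\n")
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                cmdline = [a.decode(errors="replace") for a in fh.read().split(b"\0") if a]
        except OSError:
            continue  # exited mid-walk or hidepid in effect
        try:
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            exe = ""
        procs.append(ProcInfo(int(entry), comm, exe, cmdline))
    return procs


SAMPLE_SNAPSHOT = [
    ProcInfo(1, "systemd", "/lib/systemd/systemd", ["/sbin/init"]),
    ProcInfo(310, "sshd", "/usr/sbin/sshd", ["/usr/sbin/sshd", "-D"]),
    ProcInfo(402, "python3", "/usr/bin/python3.5", ["python3", "/opt/agent.py"]),
    ProcInfo(716, "telnetd", "/tmp/sample.elf (deleted)", ["telnetd"]),  # name borrowed, as in the report
    ProcInfo(1201, "kworker/0:1", "", []),
]

if __name__ == "__main__":
    for pid, reasons in name_spoof_candidates(SAMPLE_SNAPSHOT).items():
        print(pid, "; ".join(reasons))
```

Run as root for the exe links of other users' processes to be readable; with hidepid mounted on /proc, or from the sample's own unprivileged context, most entries come back with exe="" and are skipped rather than misreported.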