f794d5a0e144cab03850a9eee99b99f83d5b22c39bdb87a6dd02e98a932a0e5c

Analysis

max time kernel
152s
max time network
156s
platform
debian-9_armhf
resource
debian9-armhf-20231215-en
resource tags

arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
19/12/2023, 22:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1f9a29eb594e3bbb708b849c8ac29511
Size

74KB
MD5

1f9a29eb594e3bbb708b849c8ac29511
SHA1

767974d8278acd7ba49d2f207200c9203f22e505
SHA256

f794d5a0e144cab03850a9eee99b99f83d5b22c39bdb87a6dd02e98a932a0e5c
SHA512

716eaccd61b9976777356c2c58744b635d6bf8218888c56a212638847b2ab41356c62b371b61300c075fda3665fda1744b3a6bd2c07d64ff51e397d92bedf401
SSDEEP

1536:usO1+BkQ8yi6dT9ncsnxLs9ewNJ4HtGKu/NsAqXLH1iNODui9VAU1vz:usO1akQLY/yz7ViNi/pz

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (23507) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	1f9a29eb594e3bbb708b849c8ac29511
File opened for modification	/dev/misc/watchdog	1f9a29eb594e3bbb708b849c8ac29511

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 31 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/510/smaps
File opened for reading	/proc/646/smaps
File opened for reading	/proc/788/smaps
File opened for reading	/proc/766/smaps
File opened for reading	/proc/770/smaps
File opened for reading	/proc/784/smaps
File opened for reading	/proc/645/smaps
File opened for reading	/proc/650/smaps
File opened for reading	/proc/675/smaps
File opened for reading	/proc/702/smaps
File opened for reading	/proc/655/smaps
File opened for reading	/proc/768/smaps
File opened for reading	/proc/776/smaps
File opened for reading	/proc/778/smaps
File opened for reading	/proc/772/smaps
File opened for reading	/proc/782/smaps
File opened for reading	/proc/558/smaps
File opened for reading	/proc/731/smaps
File opened for reading	/proc/775/smaps
File opened for reading	/proc/774/smaps
File opened for reading	/proc/786/smaps
File opened for reading	/proc/557/smaps
File opened for reading	/proc/608/smaps
File opened for reading	/proc/656/smaps
File opened for reading	/proc/673/smaps
File opened for reading	/proc/498/smaps
File opened for reading	/proc/648/smaps
File opened for reading	/proc/787/smaps
File opened for reading	/proc/651/smaps
File opened for reading	/proc/672/smaps
File opened for reading	/proc/780/smaps

/tmp/1f9a29eb594e3bbb708b849c8ac29511
/tmp/1f9a29eb594e3bbb708b849c8ac29511
1⤵
- Modifies Watchdog functionality
PID:670

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads