General

  • Target

    30a60892a86565eda0b9ccc6d44366f0

  • Size

    130KB

  • Sample

    231219-2txngaeddn

  • MD5

    30a60892a86565eda0b9ccc6d44366f0

  • SHA1

    e25da7d57ef852128ddc052960484ac3efbbee06

  • SHA256

    9e17e08c537dd30bae396e41de95a39012554c04b835f7609560c5c65ab68c64

  • SHA512

    2c7c9070fac8b231ee47b297f766b8a89a6275bf8db51f0c73308441f8c8f9fe4f83910b31a805f5d93a07139d8229a05b01dea6a6eecabbe7c680f015e17d8f

  • SSDEEP

    3072:UWfI1cFSlW+eUe52tmfyJKmRj6aQyfLlfF9Nb:1IOSlRm52tm3mRj6aQyfLlfF9Nb

Score
10/10

Targets

    • Target

      30a60892a86565eda0b9ccc6d44366f0

    Score
    9/10
    • Contacts a large number (22556) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.
