General

  • Target

    3282930e018c6d94fd13ee3affa8d700

  • Size

    130KB

  • Sample

    231219-2vn3qaegbq

  • MD5

    3282930e018c6d94fd13ee3affa8d700

  • SHA1

    af39232616b0b6e20a2ec5a4bbedbf2ced992946

  • SHA256

    9d9e709161b140e285c452d922075305d3d933950af1a8bbc260342208e98fc0

  • SHA512

    b663c0defde2d544482921970f02c362a0b1aa5136aebfcb4cfacc8f3e6930f90f2466e98ee38803ed44b891ffe5e208029d7552af63af4e3ff1abed8fc7ad35

  • SSDEEP

    3072:UWfI1cFSlW+eUe52ZmfyJKmRj6aQyfLlfF9Nb:1IOSlRm52Zm3mRj6aQyfLlfF9Nb

Score
10/10

Targets

    Score
    9/10
    • Contacts a large number (22877) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.
