General

  • Target

    3a2dfbf16133a6a31f7155a1bc7678e5

  • Size

    161KB

  • Sample

    231219-2ygstagadp

  • MD5

    3a2dfbf16133a6a31f7155a1bc7678e5

  • SHA1

    81358f162dc927df67ab684b07576eea91c9471c

  • SHA256

    a851611ba14025ee77c0bad665a4bb21121d63d9a3c3062b62a7731fd2f2d12f

  • SHA512

    c55606bc4b562ba90a37e56dc45e4aad73ce134095d62924326e27be644b6b5aac6d821d7b4ce26ba18a8d5c5581576d3fea704b9e4512f29a2518dda230f318

  • SSDEEP

    3072:PyvgcFqOCROH37Gc+RfiHVtTBLhYAA7vyDujp+SmjlliUmh:s2M6c+JktTBLyv6Dujp+SmjlliUmh

Score
10/10

Malware Config

Targets

    • Target

      3a2dfbf16133a6a31f7155a1bc7678e5

    • Size

      161KB

    • MD5

      3a2dfbf16133a6a31f7155a1bc7678e5

    • SHA1

      81358f162dc927df67ab684b07576eea91c9471c

    • SHA256

      a851611ba14025ee77c0bad665a4bb21121d63d9a3c3062b62a7731fd2f2d12f

    • SHA512

      c55606bc4b562ba90a37e56dc45e4aad73ce134095d62924326e27be644b6b5aac6d821d7b4ce26ba18a8d5c5581576d3fea704b9e4512f29a2518dda230f318

    • SSDEEP

      3072:PyvgcFqOCROH37Gc+RfiHVtTBLhYAA7vyDujp+SmjlliUmh:s2M6c+JktTBLyv6Dujp+SmjlliUmh

    Score
    9/10
    • Contacts a large number (69572) of remote hosts

      This may indicate a network scan to discover services exposed on remote hosts; a count this high from a single sample is characteristic of a self-propagating bot rather than ordinary C2 traffic.

    • Creates a large number of network flows

      This may indicate a network scan to discover services exposed on remote hosts.

    • Changes its process name

      Mirai-family bots overwrite argv[0] and call prctl(PR_SET_NAME) with a random string so the running process does not stand out in ps output.

    • Modifies Watchdog functionality

      Malware such as Mirai opens /dev/watchdog (or /dev/misc/watchdog) and issues ioctl(WDIOC_SETOPTIONS, WDIOS_DISABLECARD) to disable the hardware watchdog, so it cannot reboot the infected device and clear the memory-resident infection. A side effect is that the device will no longer recover on its own from a hang.

    • Reads system routing table

      Reads /proc/net/route from the /proc virtual filesystem to enumerate active network interfaces and the default gateway.
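
The two checks below are an added example and are not the sandbox's own signature code: the first parses a constructed /proc/net/route listing the way the "Reads system routing table" signature describes (little-endian hex addresses, RTF_UP and RTF_GATEWAY flag bits, as printed on a little-endian host), and the second runs a horizontal-scan heuristic over constructed flow records to reproduce the "Contacts a large number of remote hosts" / "Creates a large number of network flows" verdict. The route contents, the flow records, the host threshold of 100 and the port-concentration ratio of 0.8 are all assumptions chosen for the illustration.

```python
import socket
import struct
from collections import defaultdict

# Route flag bits as printed in the Flags column of /proc/net/route.
RTF_UP = 0x1
RTF_GATEWAY = 0x2

# Constructed /proc/net/route contents (not taken from the analysed sample).
# Destination/Gateway/Mask are hex u32 values printed in host byte order, so
# on a little-endian host they read byte-swapped; Flags is a hex bitmask.
SAMPLE_ROUTE = (
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0\n"
    "eth0\t0001A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0\n"
    "wlan0\t0000A8C0\t00000000\t0001\t0\t0\t600\t00FFFFFF\t0\t0\t0\n"
)


def _le_hex_to_ip(field):
    """Decode a /proc/net/route address field from a little-endian host."""
    return socket.inet_ntoa(struct.pack("<L", int(field, 16)))


def parse_proc_net_route(text):
    """Return one dict per route line, skipping the header row."""
    routes = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 8:
            continue
        flags = int(fields[3], 16)
        routes.append({
            "iface": fields[0],
            "dest": _le_hex_to_ip(fields[1]),
            "gateway": _le_hex_to_ip(fields[2]),
            "mask": _le_hex_to_ip(fields[7]),
            "up": bool(flags & RTF_UP),
            "via_gateway": bool(flags & RTF_GATEWAY),
        })
    return routes


def active_interfaces(routes):
    """Interfaces that carry at least one route flagged RTF_UP."""
    return sorted({r["iface"] for r in routes if r["up"]})


def default_gateway(routes):
    """(iface, gateway) of the 0.0.0.0/0 route, or None if there is none."""
    for r in routes:
        if r["dest"] == "0.0.0.0" and r["mask"] == "0.0.0.0" and r["via_gateway"]:
            return r["iface"], r["gateway"]
    return None


def make_sample_flows():
    """Constructed (src, dst, dport, proto) records standing in for a pcap summary."""
    flows = []
    # One internal host fanning out to 300 distinct external addresses, 90% on
    # TCP/23 and 10% on TCP/2323: the telnet-scanning pattern of Mirai-style bots.
    for i in range(300):
        dst = f"203.0.113.{i}" if i < 256 else f"198.51.100.{i - 256}"
        flows.append(("10.0.0.5", dst, 23 if i % 10 else 2323, "tcp"))
    # A benign host talking repeatedly to three servers on assorted ports.
    for i in range(40):
        flows.append(("10.0.0.7", f"192.0.2.{1 + i % 3}", [80, 443, 53][i % 3], "tcp"))
    return flows


def detect_scans(flows, host_threshold=100, port_concentration=0.8):
    """Flag sources that reach many distinct hosts with most flows on a single
    port (a horizontal scan). Both thresholds are assumptions to tune locally."""
    by_src = defaultdict(list)
    for src, dst, dport, proto in flows:
        by_src[src].append((dst, dport, proto))
    findings = {}
    for src, recs in by_src.items():
        hosts = {dst for dst, _, _ in recs}
        if len(hosts) < host_threshold:
            continue
        per_port = defaultdict(int)
        for _, dport, _ in recs:
            per_port[dport] += 1
        top_port, top_count = max(per_port.items(), key=lambda kv: kv[1])
        share = top_count / len(recs)
        if share >= port_concentration:
            findings[src] = {"hosts": len(hosts), "flows": len(recs),
                             "port": top_port, "share": round(share, 2)}
    return findings


if __name__ == "__main__":
    routes = parse_proc_net_route(SAMPLE_ROUTE)
    print("active interfaces:", active_interfaces(routes))
    print("default gateway:", default_gateway(routes))
    print("scan findings:", detect_scans(make_sample_flows()))
```

The scan heuristic deliberately requires both a large distinct-host count and a dominant destination port; a host fanning out across many ports is a different pattern (vertical scan or legitimate CDN traffic) and should be scored separately. On the report's own figure of 69572 contacted hosts the host threshold is not the deciding factor, but it keeps ordinary chatty clients out of the findings.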

MITRE ATT&CK Enterprise v15

Tasks