Analysis
-
max time kernel
147s -
max time network
137s -
platform
debian-9_armhf -
resource
debian9-armhf-20231215-en -
resource tags
arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
19-12-2023 23:24
Behavioral task
behavioral1
Sample
614374da32d621d1b2154415d0e607f4
Resource
debian9-armhf-20231215-en
debian-9-armhf
4 signatures
150 seconds
General
-
Target
614374da32d621d1b2154415d0e607f4
-
Size
126KB
-
MD5
614374da32d621d1b2154415d0e607f4
-
SHA1
ea0a42d8b0b5005cb76af97e7c619f0fbc714cbb
-
SHA256
1a96cf89463ce174bbc886ab79687b2437dd525ca6f028ad4851371095eb2451
-
SHA512
06b6d4b347d20bb2dae1c42c1648f128299ea177ccde7a3c109794e7715ee10e351b9a25650157efe971705c965c13a654857455a96bfecde92a7b80c563e305
-
SSDEEP
3072:6jVlyaL5JCrIpv04skbttiEiTmP46aQyfPlfKsNb:yoCJCN4skbHemP46aQyfPlfKsNb
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself sshd 649 614374da32d621d1b2154415d0e607f4 -
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc File opened for modification /dev/watchdog File opened for modification /dev/misc/watchdog -
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
description ioc Process File opened for reading /proc/net/route 614374da32d621d1b2154415d0e607f4 -
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description ioc Process File opened for reading /proc/net/route 614374da32d621d1b2154415d0e607f4