Analysis

  • max time kernel
    147s
  • max time network
    137s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20231215-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    19-12-2023 23:24

General

  • Target

    614374da32d621d1b2154415d0e607f4

  • Size

    126KB

  • MD5

    614374da32d621d1b2154415d0e607f4

  • SHA1

    ea0a42d8b0b5005cb76af97e7c619f0fbc714cbb

  • SHA256

    1a96cf89463ce174bbc886ab79687b2437dd525ca6f028ad4851371095eb2451

  • SHA512

    06b6d4b347d20bb2dae1c42c1648f128299ea177ccde7a3c109794e7715ee10e351b9a25650157efe971705c965c13a654857455a96bfecde92a7b80c563e305

  • SSDEEP

    3072:6jVlyaL5JCrIpv04skbttiEiTmP46aQyfPlfKsNb:yoCJCN4skbHemP46aQyfPlfKsNb

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from the /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/614374da32d621d1b2154415d0e607f4
    /tmp/614374da32d621d1b2154415d0e607f4
    • Changes its process name
    • Reads system routing table
    • Reads system network configuration
    PID:649

Network

MITRE ATT&CK Enterprise v15
