Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhf, image:debian9-armhf-20231215-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    20/12/2023, 00:48

General

  • Target

    7607eb1dd67869d255ed26b06841370f

  • Size

    25KB

  • MD5

    7607eb1dd67869d255ed26b06841370f

  • SHA1

    5b5800608056a2d95105f561baee3e45790f9856

  • SHA256

    47ceeaabf4c2185472e99fd8544f0b211fe8d876a9edd9fe504b6e3b0eb7cfd5

  • SHA512

    e36df947d8098d4d586157710e094c1cf1f1c6fe4c97e341111e0f616144182e289cb5307f35ef9a76fc547bda64dfc8d2fab53eecbe0571034a5c6086aa7471

  • SSDEEP

    384:hCqWwP5ZiqIYZEQvB7Abd+dRkWTCM4arXd69KYdLSBLDnNxlFx4ep7s:hr9RfPvB7AbeRkuCMTrGw3nN05

Score
9/10

Malware Config

Signatures

  • Contacts a large number (23508) of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai disables the hardware watchdog (/dev/watchdog) so that the device is not rebooted while the infected process runs, which would otherwise clear the non-persistent infection.

  • Writes file to system bin folder 1 TTPs 1 IoCs
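The signatures above are behavioural: each is a rule evaluated over the syscall trace and network flows the sandbox recorded. The following added example (not the sandbox's own detection code) shows how such rules can be expressed over a constructed strace-style event log for one PID: it tracks the file descriptors a process opens so it can tell that an `ioctl(WDIOC_SETOPTIONS, WDIOS_DISABLECARD)` targets `/dev/watchdog`, flags `prctl(PR_SET_NAME, ...)` as one common way of changing the process name, flags creation of files under system bin directories, and counts distinct `connect()` destinations against a scan threshold. The trace lines, the PID, the paths and the threshold of 1000 hosts are all assumptions made for this example.

```python
"""Toy behavioural signature engine over a constructed strace-style trace.

Added example; not the sandbox's detection code. The event lines below are
constructed for illustration and are not a real capture.
"""
import re
from collections import defaultdict

# Assumed threshold; the sandbox's real cut-off is not stated on the page.
SCAN_HOST_THRESHOLD = 1000
SYSTEM_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")

# Constructed events for an imaginary PID 656 (file names are made up).
SAMPLE_TRACE = [
    '656 openat(AT_FDCWD, "/dev/watchdog", O_WRONLY) = 3',
    '656 ioctl(3, WDIOC_SETOPTIONS, [WDIOS_DISABLECARD]) = 0',
    '656 prctl(PR_SET_NAME, "sshd") = 0',
    '656 openat(AT_FDCWD, "/bin/.cache", O_WRONLY|O_CREAT, 0755) = 4',
] + [
    # 1200 distinct synthetic destinations on port 23, typical of a telnet sweep.
    f'656 connect(5, {{sa_family=AF_INET, sin_port=htons(23), '
    f'sin_addr=inet_addr("10.{(i >> 8) & 255}.{i & 255}.1")}}, 16) = -1 EINPROGRESS'
    for i in range(1200)
]

EVENT_RE = re.compile(r'^(\d+)\s+(\w+)\((.*)\)\s*=\s*(-?\d+)')
QUOTED_RE = re.compile(r'"([^"]*)"')
INET_RE = re.compile(r'inet_addr\("([^"]+)"\)')


def parse_event(line):
    """Split 'pid syscall(args) = ret' into (pid, name, args, ret) or None."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    pid, name, args, ret = m.groups()
    return int(pid), name, args, int(ret)


def analyze(lines):
    """Evaluate the behavioural rules over a list of trace lines."""
    fds = defaultdict(dict)  # pid -> fd number -> path it refers to
    hosts = set()
    findings = {
        "modifies_watchdog": False,
        "changes_process_name": False,
        "writes_system_bin": False,
    }
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        pid, name, args, ret = ev
        if name in ("open", "openat") and ret >= 0:
            m = QUOTED_RE.search(args)
            if not m:
                continue
            path = m.group(1)
            fds[pid][ret] = path  # remember what this fd points at
            writing = any(f in args for f in ("O_WRONLY", "O_RDWR", "O_CREAT"))
            if writing and path.startswith(SYSTEM_BIN_DIRS):
                findings["writes_system_bin"] = True
        elif name == "ioctl":
            fd = int(args.split(",", 1)[0])
            # Only a disable request aimed at the watchdog device counts.
            if (fds[pid].get(fd) == "/dev/watchdog"
                    and "WDIOC_SETOPTIONS" in args
                    and "WDIOS_DISABLECARD" in args):
                findings["modifies_watchdog"] = True
        elif name == "prctl" and args.startswith("PR_SET_NAME"):
            findings["changes_process_name"] = True
        elif name == "connect":
            m = INET_RE.search(args)
            if m:
                hosts.add(m.group(1))
    findings["remote_hosts"] = len(hosts)
    findings["possible_network_scan"] = len(hosts) >= SCAN_HOST_THRESHOLD
    return findings


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

The fd table is what keeps the watchdog rule precise: matching `WDIOS_DISABLECARD` alone would also fire on a legitimate watchdog daemon shutting down cleanly, whereas requiring the descriptor to resolve to `/dev/watchdog` and then pairing the hit with the process-name and scan rules is what pushes a sample toward the high score shown in this report.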

Processes

  • /tmp/7607eb1dd67869d255ed26b06841370f (PID 656)
    • Changes its process name
    • Modifies Watchdog functionality
    • Writes file to system bin folder

Network

MITRE ATT&CK Enterprise v15
