Analysis
-
max time kernel
150s -
max time network
154s -
platform
debian-9_armhf -
resource
debian9-armhf-20231215-en -
resource tags
-
submitted
20-12-2023 02:19
General
-
Target
7d386ac57d8ddc0e544e3a69641c68b8
-
Size
157KB
-
MD5
7d386ac57d8ddc0e544e3a69641c68b8
-
SHA1
dfe78f65e0bfc96dbed20b8ab5ca9398ced30bd1
-
SHA256
ad2aa8ad7e9f46168c811aae08adbe5e6ae58a8ff84cacd3aa0e630f84b08d14
-
SHA512
b3394b83bb129877091c17b7eea655f30ae538c62c9c5a89ff89b71f395a366baca969db4d505d776b73ac27961849e23d1bfcb08243c76eb51b7e711cb63d46
-
SSDEEP
3072:q1buCcJqcKxZe/3boPOkqNvfJTtmI5mPAZaQhSmWitCBNU:qGw5fybomlvfJTVmPAZaQhSmWitCBNU
Malware Config
Signatures
-
Contacts a large (15439) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 2 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 32 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/7d386ac57d8ddc0e544e3a69641c68b8/tmp/7d386ac57d8ddc0e544e3a69641c68b81⤵
- Changes its process name
- Reads system routing table
- Reads system network configuration