Overview

overview

10

Static

static

10

8de7107f46...2acbe0

debian-9-mips

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    8de7107f469a1314cc689499352acbe0

  • Size

    167KB

  • Sample

    231220-hv4cvsggem

  • MD5

    8de7107f469a1314cc689499352acbe0

  • SHA1

    167eb51dcb5b09f8c7292fbf21f99069dd1cf708

  • SHA256

    b880f667acbabd52bb464c7de70732ad94cfefbd527bc4e9ef56b953a7485536

  • SHA512

    33f6a40a060b850392c7bc361b0deaa14fc82b8507b4d6578020a7059874783d306f2f8a9aa9606c30a586a3ce60d38d7cc861e473cf3e5304828b01694f6552

  • SSDEEP

    3072:8Wg+6CEOybfjO574JZ/jhacaQTt6EmU8hTaA8TYKpNU:2BOk1NToEmU8hTaA8TYKpNU

Score
10/10
gafgytdiscovery

Malware Config

Targets

    • Target

      8de7107f469a1314cc689499352acbe0

    • Size

      167KB

    • MD5

      8de7107f469a1314cc689499352acbe0

    • SHA1

      167eb51dcb5b09f8c7292fbf21f99069dd1cf708

    • SHA256

      b880f667acbabd52bb464c7de70732ad94cfefbd527bc4e9ef56b953a7485536

    • SHA512

      33f6a40a060b850392c7bc361b0deaa14fc82b8507b4d6578020a7059874783d306f2f8a9aa9606c30a586a3ce60d38d7cc861e473cf3e5304828b01694f6552

    • SSDEEP

      3072:8Wg+6CEOybfjO574JZ/jhacaQTt6EmU8hTaA8TYKpNU:2BOk1NToEmU8hTaA8TYKpNU

    Score
    9/10
    discovery

    • Contacts a large (23032) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks