Analysis
-
max time kernel
151s -
max time network
153s -
platform
debian-9_armhf -
resource
debian9-armhf-20231215-en -
resource tags
arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
20/12/2023, 08:36
General
-
Target
96b2444f0eba3434ea7cdb42f89ba111
-
Size
52KB
-
MD5
96b2444f0eba3434ea7cdb42f89ba111
-
SHA1
87a9df2be616bd112ed4d0f91abbe80c3e8ae243
-
SHA256
e6c4cf5ab18f8bdb785016f0ba46961b8148e19d91601f33e99989a12eb11a05
-
SHA512
c236430fd9427273c8fec296e4dd67c0206b6fcc29012ae17e0f6cd9c6a9c658f94a6b9db20d940eb9a72d388101317a32002eac5acba949ea99439c891a4902
-
SSDEEP
1536:kOIlMtSFSIhqUXKpdhi41Hf/ZVLZgLv8WHQ:kOmMoBlapbief/Zx6LFQ
Malware Config
Extracted
Family
mirai
Botnet
UNST
Signatures
-
Contacts a large (19868) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc File opened for modification /dev/watchdog File opened for modification /dev/misc/watchdog -
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
description ioc File opened for reading /proc/net/tcp -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description ioc File opened for reading /proc/net/tcp -
Reads runtime system information 58 IoCs
Reads data from /proc virtual filesystem.
description ioc Process File opened for reading /proc/283/fd Process not Found File opened for reading /proc/322/fd Process not Found File opened for reading /proc/587/fd Process not Found File opened for reading /proc/791/exe Process not Found File opened for reading /proc/self/exe 96b2444f0eba3434ea7cdb42f89ba111 File opened for reading /proc/282/fd Process not Found File opened for reading /proc/313/fd Process not Found File opened for reading /proc/692/exe Process not Found File opened for reading /proc/727/exe Process not Found File opened for reading /proc/646/fd Process not Found File opened for reading /proc/667/fd Process not Found File opened for reading /proc/663/fd Process not Found File opened for reading /proc/579/exe Process not Found File opened for reading /proc/587/exe Process not Found File opened for reading /proc/770/exe Process not Found File opened for reading /proc/588/fd Process not Found File opened for reading /proc/638/fd Process not Found File opened for reading /proc/642/exe Process not Found File opened for reading /proc/766/exe Process not Found File opened for reading /proc/776/exe Process not Found File opened for reading /proc/778/exe Process not Found File opened for reading /proc/281/fd Process not Found File opened for reading /proc/301/fd Process not Found File opened for reading /proc/579/fd Process not Found File opened for reading /proc/719/exe Process not Found File opened for reading /proc/1/fd Process not Found File opened for reading /proc/661/fd Process not Found File opened for reading /proc/582/exe Process not Found File opened for reading /proc/588/exe Process not Found File opened for reading /proc/637/exe Process not Found File opened for reading /proc/643/exe Process not Found File opened for reading /proc/785/exe Process not Found File opened for reading /proc/789/exe Process not Found File opened for reading /proc/168/fd Process not Found File opened for reading /proc/598/fd Process not Found File opened for reading /proc/631/fd Process not Found File opened for reading /proc/761/exe Process not Found File opened for reading /proc/772/exe Process not Found File opened for reading /proc/774/exe Process not Found File opened for reading /proc/315/fd Process not Found File opened for reading /proc/582/fd Process not Found File opened for reading /proc/666/fd Process not Found File opened for reading /proc/640/exe Process not Found File opened for reading /proc/667/exe Process not Found File opened for reading /proc/138/fd Process not Found File opened for reading /proc/768/exe Process not Found File opened for reading /proc/664/fd Process not Found File opened for reading /proc/279/fd Process not Found File opened for reading /proc/637/fd Process not Found File opened for reading /proc/661/exe Process not Found File opened for reading /proc/598/exe Process not Found File opened for reading /proc/296/fd Process not Found File opened for reading /proc/672/fd Process not Found File opened for reading /proc/680/exe Process not Found File opened for reading /proc/715/exe Process not Found File opened for reading /proc/223/fd Process not Found File opened for reading /proc/783/exe Process not Found File opened for reading /proc/787/exe Process not Found