Analysis

  • max time kernel
    151s
  • max time network
    146s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhf, image:debian9-armhf-20231215-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    20/12/2023, 10:18

General

  • Target

    a1297e3b3a91bec5a00d61602b8123fa

  • Size

    150KB

  • MD5

    a1297e3b3a91bec5a00d61602b8123fa

  • SHA1

    bf2ac1c78e825d62edc91cf02684a1c09455fb4d

  • SHA256

    d4198c20ef8a38d595cadaad3ce23c7f3aa42bdc29ab5ad2dae27cabd1528fc2

  • SHA512

    e56e7e20cd36662e0d2cf41b4611b738c4c52e12c45da55cde222cadc83feceb6109c8ae90f77495604438f37dd9db298b0c47346bdd2755ab62780eeb6c7f29

  • SSDEEP

    3072:rC/xbyxV8Rg+qcyVsrmkFsrQkHgbmYX9aQAN2kiKeN/:rMi86AyVNkFsr7gbmYX9aQAN2kiKeN/

Score
7/10

Signatures

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware such as Mirai disables the hardware watchdog so that a hung or overloaded device is not rebooted, since a reboot would clear the memory-resident infection.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Reads the list of active TCP sockets from the /proc virtual filesystem (/proc/net/tcp).

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads system routing table 1 TTPs 1 IoCs

    Reads the kernel routing table from the /proc virtual filesystem (/proc/net/route).

  • Reads system network configuration 1 TTPs 2 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 31 IoCs

    Reads data from /proc virtual filesystem.
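The watchdog signature above is the one a Mirai analyst cares most about, and it is easy to confirm from a syscall trace: the bot opens the watchdog device and issues a WDIOC_SETOPTIONS ioctl with the WDIOS_DISABLECARD flag. The script below is an added example for this report, not code from the sample or from the sandbox. It derives the ioctl request numbers from the <linux/watchdog.h> definitions (the same encoding applies on armhf and x86), then walks an strace log tracking file descriptors so that only ioctls actually aimed at a watchdog device are reported. The strace lines at the bottom are constructed in the shape Mirai's watchdog routine produces; the decoded argument rendering ([WDIOS_DISABLECARD]) is an assumption about strace output, and the raw pointer form (strace -e raw=ioctl) is handled as well.

```python
"""Spot a Mirai-style watchdog disable in an strace log.

Added example for this report, not code from the analysed sample or from the
sandbox. The ioctl numbers are derived from the <linux/watchdog.h> definitions
(WATCHDOG_IOCTL_BASE = 'W'); the strace lines at the bottom are constructed.
"""
import re

# asm-generic ioctl encoding: dir:2 | size:14 | type:8 | nr:8 (same layout on armhf and x86)
_IOC_WRITE, _IOC_READ = 1, 2


def _IOC(direction, typ, nr, size):
    return (direction << 30) | (size << 16) | (ord(typ) << 8) | nr


SIZEOF_INT = 4
WDIOC_SETOPTIONS = _IOC(_IOC_READ, "W", 4, SIZEOF_INT)               # 0x80045704
WDIOC_KEEPALIVE = _IOC(_IOC_READ, "W", 5, SIZEOF_INT)                # 0x80045705
WDIOC_SETTIMEOUT = _IOC(_IOC_READ | _IOC_WRITE, "W", 6, SIZEOF_INT)  # 0xc0045706
IOCTL_NAMES = {WDIOC_SETOPTIONS: "WDIOC_SETOPTIONS",
               WDIOC_KEEPALIVE: "WDIOC_KEEPALIVE",
               WDIOC_SETTIMEOUT: "WDIOC_SETTIMEOUT"}
# Flag bits accepted by WDIOC_SETOPTIONS
WDIOS_FLAGS = {"WDIOS_DISABLECARD": 0x1, "WDIOS_ENABLECARD": 0x2, "WDIOS_TEMPPANIC": 0x4}

WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog"}

_PID = r"^(?:\[pid\s+\d+\]\s+)?"
OPEN_RE = re.compile(_PID + r'open(?:at)?\((?:AT_FDCWD, )?"([^"]+)"[^)]*\)\s*=\s*(\d+)')
CLOSE_RE = re.compile(_PID + r"close\((\d+)\)")
IOCTL_RE = re.compile(_PID + r"ioctl\((\d+), (0x[0-9a-fA-F]+|[A-Z_0-9]+)(?:, ([^)]*))?\)")


def parse_request(token):
    """ioctl request as printed raw (strace -e raw=ioctl) or decoded by strace."""
    if token.startswith("0x"):
        return int(token, 16)
    return {name: num for num, name in IOCTL_NAMES.items()}.get(token)


def parse_setoptions_arg(arg):
    """The int behind the pointer, when strace decodes it as [1] or
    [WDIOS_DISABLECARD]; a bare pointer (raw mode) carries no value -> None."""
    m = re.fullmatch(r"\[([^\]]+)\]", arg.strip())
    if not m:
        return None
    flags = 0
    for part in m.group(1).split("|"):
        part = part.strip()
        flags |= WDIOS_FLAGS.get(part, int(part, 0) if part[:1].isdigit() else 0)
    return flags


def find_watchdog_tampering(strace_text):
    """Return one finding per ioctl issued on a watchdog device."""
    fds = {}        # fd -> path, tracked through open/close so fd reuse is handled
    findings = []
    for line in strace_text.splitlines():
        m = OPEN_RE.match(line)
        if m:
            fds[int(m.group(2))] = m.group(1)
            continue
        m = CLOSE_RE.match(line)
        if m:
            fds.pop(int(m.group(1)), None)
            continue
        m = IOCTL_RE.match(line)
        if not m:
            continue
        fd = int(m.group(1))
        device = fds.get(fd)
        if device not in WATCHDOG_DEVICES:
            continue
        req = parse_request(m.group(2))
        finding = {"fd": fd, "device": device,
                   "ioctl": IOCTL_NAMES.get(req, m.group(2)),
                   "disables_watchdog": False}
        if req == WDIOC_SETOPTIONS:
            flags = parse_setoptions_arg(m.group(3) or "")
            if flags is None:
                # Raw mode: the flag word is behind a pointer we cannot see here
                finding["disables_watchdog"] = None
                finding["verdict"] = "WDIOC_SETOPTIONS on watchdog; rerun without -e raw=ioctl to see the flags"
            elif flags & WDIOS_FLAGS["WDIOS_DISABLECARD"]:
                finding["disables_watchdog"] = True
                finding["verdict"] = "watchdog disabled via WDIOS_DISABLECARD"
            else:
                finding["verdict"] = "WDIOC_SETOPTIONS flags=%#x" % flags
        else:
            finding["verdict"] = "watchdog ioctl (keepalive/timeout are normal for a watchdog daemon)"
        findings.append(finding)
    return findings


# Constructed strace output (not from the sandbox run): first device path is
# absent, the fallback path opens, one SETOPTIONS ioctl, then fd 3 is reused
# for an unrelated file whose ioctl must not be reported.
SAMPLE_STRACE = """\
open("/dev/watchdog", O_RDWR) = -1 ENOENT (No such file or directory)
open("/dev/misc/watchdog", O_RDWR) = 3
ioctl(3, WDIOC_SETOPTIONS, [WDIOS_DISABLECARD]) = 0
close(3) = 0
openat(AT_FDCWD, "/proc/net/route", O_RDONLY) = 3
ioctl(3, TCGETS, 0xbe9f8b8c) = -1 ENOTTY (Inappropriate ioctl for device)
close(3) = 0
"""

if __name__ == "__main__":
    for f in find_watchdog_tampering(SAMPLE_STRACE):
        print(f)
```

The hard-coded constant 0x80045704 is also what to look for in the disassembly of a stripped ARM sample: the bot does not go through libc macros, so the request number appears as an immediate next to the open() of the device path.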

Processes

  • /tmp/a1297e3b3a91bec5a00d61602b8123fa (PID 666)
    Command line: /tmp/a1297e3b3a91bec5a00d61602b8123fa
    • Changes its process name
    • Reads system routing table
    • Reads system network configuration
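The process above reads the routing table and the socket table through /proc, the same files an analyst reads back to see what the sample learned about the host (its default gateway, and which ports and peers were open). Decoding them takes a little care: /proc/net/tcp and /proc/net/route print each IPv4 address as a host-order 32-bit hex word, so on a little-endian target such as this armhf image the bytes come out reversed, while ports are plain big-endian hex. The parser below is an added example for this report, not code from the sample or from the sandbox; the two table dumps are constructed in the kernel's real format, and the function names are this example's own.

```python
"""Decode the /proc/net tables this report flags: the TCP socket list
(/proc/net/tcp) and the routing table (/proc/net/route).

Added example for this report, not code from the sample or from the sandbox;
the two table dumps below are constructed in the real kernel format.
"""
import socket
import struct

TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV", 0x04: "FIN_WAIT1",
    0x05: "FIN_WAIT2", 0x06: "TIME_WAIT", 0x07: "CLOSE", 0x08: "CLOSE_WAIT",
    0x09: "LAST_ACK", 0x0A: "LISTEN", 0x0B: "CLOSING",
}
RTF_UP, RTF_GATEWAY = 0x0001, 0x0002


def decode_ipv4(hex_word):
    """'0100007F' -> '127.0.0.1'. /proc/net prints the address as a host-order
    32-bit word, so on a little-endian host (x86, armhf) the bytes appear
    reversed; on a big-endian target (many MIPS routers) use ">I" instead."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_word, 16)))


def decode_endpoint(field):
    """'0100007F:0016' -> ('127.0.0.1', 22); the port is big-endian hex."""
    addr, port = field.split(":")
    return decode_ipv4(addr), int(port, 16)


def parse_proc_net_tcp(text):
    """Columns: sl local rem st tx:rx tr:when retrnsmt uid timeout inode ..."""
    sockets = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        sockets.append({"local": decode_endpoint(f[1]),
                        "remote": decode_endpoint(f[2]),
                        "state": TCP_STATES.get(int(f[3], 16), f[3]),
                        "uid": int(f[7]), "inode": int(f[9])})
    return sockets


def parse_proc_net_route(text):
    """Columns: Iface Destination Gateway Flags RefCnt Use Metric Mask ..."""
    routes = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 8:
            continue
        routes.append({"iface": f[0], "dest": decode_ipv4(f[1]),
                       "gateway": decode_ipv4(f[2]), "flags": int(f[3], 16),
                       "mask": decode_ipv4(f[7])})
    return routes


def default_gateway(routes):
    """(iface, gateway) of the up route for 0.0.0.0/0, or None."""
    for r in routes:
        if r["dest"] == "0.0.0.0" and r["flags"] & RTF_UP and r["flags"] & RTF_GATEWAY:
            return r["iface"], r["gateway"]
    return None


def listening_ports(sockets):
    return sorted(s["local"][1] for s in sockets if s["state"] == "LISTEN")


def established_peers(sockets):
    return sorted(s["remote"] for s in sockets if s["state"] == "ESTABLISHED")


# Constructed dumps (not captured from the sandbox): sshd and a local web
# listener, plus one outbound telnet session from uid 1000.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 00000000 100 0 0 10 0
   1: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1250 1 00000000 100 0 0 10 0
   2: 0201A8C0:C8A4 0101A8C0:0017 01 00000000:00000000 00:00000000 00000000  1000        0 9876 1 00000000 20 4 30 10 -1
"""
SAMPLE_PROC_NET_ROUTE = """\
Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT
eth0\t00000000\t0101A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0
eth0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
"""

if __name__ == "__main__":
    socks = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    print("listening:", listening_ports(socks))
    print("established:", established_peers(socks))
    print("default gateway:", default_gateway(parse_proc_net_route(SAMPLE_PROC_NET_ROUTE)))
```

On a live box the same functions take the output of `cat /proc/net/tcp` and `cat /proc/net/route` directly; the inode column is what links a socket back to a process via /proc/PID/fd, which is how the "Enumerates active TCP sockets" behaviour is usually followed up.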
