Analysis
-
max time kernel
152s -
max time network
155s -
platform
debian-9_armhf -
resource
debian9-armhf-20231215-en -
resource tags
arch:armhf image:debian9-armhf-20231215-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system -
submitted
20-12-2023 11:40
Behavioral task
behavioral1
Sample
ac93cfbd088b6d98146172ab95767fe0
Resource
debian9-armhf-20231215-en
General
-
Target
ac93cfbd088b6d98146172ab95767fe0
-
Size
111KB
-
MD5
ac93cfbd088b6d98146172ab95767fe0
-
SHA1
5e592aa604f1d3433f46083ff2c889e0baf32acb
-
SHA256
bbb89a38aa340a701ce8bfbf52005710e5b0d12b4fb3528b27f70889d1fe2ede
-
SHA512
1515612fa0cdea89db73a6609544b64ce2f4652dca0c31b40d65832622aa044e3f8dbf1df0f15249d274738a27491c5891b53fee1c3b61953574ce1f8fb811de
-
SSDEEP
3072:hJza3vZhQ/R9UA7hAt8vfsmXiXa+kEYM/9Tgxr:hJza3vkJ7hAt8vUm6a+k3M/9kxr
Malware Config
Signatures
-
Contacts a large (76013) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware such as Mirai opens and modifies the watchdog device to prevent it from restarting an infected system.
Processes:
description                    ioc
File opened for modification   /dev/misc/watchdog
File opened for modification   /dev/watchdog
-
Writes file to system bin folder 1 TTPs 2 IoCs
Processes:
description                    ioc
File opened for modification   /sbin/watchdog
File opened for modification   /bin/watchdog
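The four signatures above (watchdog modification, bin-folder write, many remote hosts, many network flows) can be re-derived from a syscall trace with a few lines of detection logic. The following is an added example, not code from the sandbox, from the sample, or from Mirai: it parses strace-style `openat`/`connect` lines, treats any write-access open of the watchdog paths listed in the report's IoCs as a watchdog IoC, and counts outbound connect attempts and distinct destination hosts. The trace lines, the thresholds and the function names are all constructed for the example; real scan thresholds would be far higher than the values used here.

```python
"""Re-derive the report's behavioural signatures from a syscall trace.

Added example; not code from the sandbox or from the sample. SAMPLE_TRACE is
a constructed strace-style log, not the trace of this sample.
"""
import re
from collections import Counter

# Paths taken from the report's IoCs: the kernel watchdog device nodes plus
# the two bin-folder paths the sample also opened for modification.
WATCHDOG_PATHS = frozenset({
    "/dev/watchdog", "/dev/misc/watchdog", "/sbin/watchdog", "/bin/watchdog",
})

# Thresholds are assumptions chosen so the constructed log below trips them.
SCAN_HOST_THRESHOLD = 4    # distinct remote hosts contacted
SCAN_FLOW_THRESHOLD = 5    # outbound connect() attempts

OPEN_RE = re.compile(r'^(?:open|openat)\((?:AT_FDCWD, )?"([^"]+)", ([A-Z_|]+)')
CONNECT_RE = re.compile(
    r'^connect\(\d+, \{sa_family=AF_INET, sin_port=htons\((\d+)\), '
    r'sin_addr=inet_addr\("([\d.]+)"\)'
)

# Constructed trace: the bot probes the watchdog paths, then sweeps telnet
# ports on TEST-NET addresses. Failed opens still count: the IoC is the
# attempt to open the path for writing, not whether it succeeded.
SAMPLE_TRACE = [
    'openat(AT_FDCWD, "/dev/watchdog", O_RDWR) = 3',
    'ioctl(3, WDIOC_SETOPTIONS, 0x1) = 0',
    'openat(AT_FDCWD, "/dev/misc/watchdog", O_RDWR) = -1 ENOENT (No such file or directory)',
    'openat(AT_FDCWD, "/sbin/watchdog", O_RDWR) = -1 ENOENT (No such file or directory)',
    'openat(AT_FDCWD, "/etc/resolv.conf", O_RDONLY) = 4',
    'connect(5, {sa_family=AF_INET, sin_port=htons(23), sin_addr=inet_addr("203.0.113.10")}, 16) = -1 EINPROGRESS (Operation now in progress)',
    'connect(6, {sa_family=AF_INET, sin_port=htons(23), sin_addr=inet_addr("203.0.113.11")}, 16) = -1 EINPROGRESS (Operation now in progress)',
    'connect(7, {sa_family=AF_INET, sin_port=htons(2323), sin_addr=inet_addr("203.0.113.12")}, 16) = -1 EINPROGRESS (Operation now in progress)',
    'connect(8, {sa_family=AF_INET, sin_port=htons(23), sin_addr=inet_addr("198.51.100.7")}, 16) = -1 EINPROGRESS (Operation now in progress)',
    'connect(9, {sa_family=AF_INET, sin_port=htons(23), sin_addr=inet_addr("198.51.100.8")}, 16) = -1 EINPROGRESS (Operation now in progress)',
    'connect(5, {sa_family=AF_INET, sin_port=htons(23), sin_addr=inet_addr("203.0.113.10")}, 16) = -1 ECONNREFUSED (Connection refused)',
]


def parse_trace(lines):
    """Turn strace-style lines into ('open', path, flags) / ('connect', ip, port) tuples."""
    events = []
    for line in lines:
        m = OPEN_RE.match(line)
        if m:
            events.append(("open", m.group(1), frozenset(m.group(2).split("|"))))
            continue
        m = CONNECT_RE.match(line)
        if m:
            events.append(("connect", m.group(2), int(m.group(1))))
    return events


def watchdog_iocs(events):
    """Watchdog paths opened with write access (O_WRONLY or O_RDWR), first-seen order."""
    hits = []
    for kind, path, flags in events:
        if kind != "open" or path not in WATCHDOG_PATHS:
            continue
        if flags & {"O_WRONLY", "O_RDWR"} and path not in hits:
            hits.append(path)
    return hits


def scan_stats(events):
    """Flow count, distinct-host count and most-targeted port over outbound connects."""
    by_host, by_port = Counter(), Counter()
    for kind, ip, port in events:
        if kind != "connect":
            continue
        by_host[ip] += 1
        by_port[port] += 1
    top_port = by_port.most_common(1)[0][0] if by_port else None
    return {"flows": sum(by_host.values()), "hosts": len(by_host), "top_port": top_port}


def signatures(lines):
    """Report-style signature names the trace triggers, mapped to their evidence."""
    events = parse_trace(lines)
    out = {}
    dev_hits = [p for p in watchdog_iocs(events) if p.startswith("/dev/")]
    bin_hits = [p for p in watchdog_iocs(events) if not p.startswith("/dev/")]
    if dev_hits:
        out["Modifies Watchdog functionality"] = dev_hits
    if bin_hits:
        out["Writes file to system bin folder"] = bin_hits
    stats = scan_stats(events)
    if stats["hosts"] >= SCAN_HOST_THRESHOLD:
        out["Contacts a large amount of remote hosts"] = stats["hosts"]
    if stats["flows"] >= SCAN_FLOW_THRESHOLD:
        out["Creates a large amount of network flows"] = stats["flows"]
    return out


if __name__ == "__main__":
    for name, evidence in signatures(SAMPLE_TRACE).items():
        print(f"{name}: {evidence}")
```

Two caveats a practitioner would want: a read-only open of `/dev/watchdog` is ignored here, but on many drivers merely opening the node arms the watchdog and closing it without the magic close character can itself trigger a reboot, so a production rule may want to flag any open of the device from an unexpected process; and the distinct-host threshold should be set from a baseline of the monitored host's normal fan-out, since a legitimate DNS resolver or mail relay also contacts many peers.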