Analysis
max time kernel: 152s
max time network: 154s
platform: debian-9_armhf
resource: debian9-armhf-20231215-en
resource tags: arch:armhf image:debian9-armhf-20231215-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted: 20-12-2023 15:05
Behavioral task
behavioral1
Sample: d1a147e54c0dcff06963d09b0625bebb
Resource: debian9-armhf-20231215-en
General
Target: d1a147e54c0dcff06963d09b0625bebb
Size: 105KB
MD5: d1a147e54c0dcff06963d09b0625bebb
SHA1: 43e9d78cc0dbccd99c0b61ef80afd4b19cd26fda
SHA256: 780c51208b5deba82fc38c48545f4cd49af69f61570e01815299bd4e911de849
SHA512: cd2ece61c160cd17c5957f0539be2c87f6ecf54dc70ef14dc1b3906114c7407b20167007a74075a1cdf3bfba40bffabd0a1ce1b2dab8edfa4578b01c5f35e378
SSDEEP: 3072:QhfMcBqJoNVu6K4M9p4V2SyHv0vM/9oiTX8:QhfMnUVu6K4Mj4IHvoM/958
Malware Config
Signatures
-
Contacts a large (53973) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
description                     ioc
File opened for modification    /dev/watchdog
File opened for modification    /dev/misc/watchdog
-
Writes file to system bin folder 1 TTPs 2 IoCs
Processes:
description                     ioc
File opened for modification    /sbin/watchdog
File opened for modification    /bin/watchdog