Overview

overview

7

Static

static

7

ecf2fbffa7...abf16b

debian-9-armhf

7

Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    20-12-2023 16:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ecf2fbffa78bb130a11fe2ab3babf16b

  • Size

    59KB

  • MD5

    ecf2fbffa78bb130a11fe2ab3babf16b

  • SHA1

    b2015bd750b4dda7aa407ed638252bae40ae6992

  • SHA256

    3e9267429ae0f50f270842d677bf0b9f9c149c34ac021c5b3e17eea96ccff1dd

  • SHA512

    2072d8f164af7bb38d221475cb0bc15a143ff5bc5022c4208e06f1aa15ecbd02d3d848aeaceb3ba9015eb2727c0ae0d8485ebfe5d1efaa068427efb763a38aad

  • SSDEEP

    1536:dah3sb7XZX8VAz4m9hvPBpdmLyLFZs1mIQ0qnsrxt+hx:chcb7XZoAz4m9h3B2GLF+EIAnsrqr

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/ecf2fbffa78bb130a11fe2ab3babf16b
    /tmp/ecf2fbffa78bb130a11fe2ab3babf16b
    1⤵
    • Changes its process name
    • Modifies Watchdog functionality
    • Reads system routing table
    • Reads system network configuration
    • Reads runtime system information
    PID:659

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads