Analysis
-
max time kernel
152s -
max time network
155s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20231215-en -
resource tags
arch:mipsel image:debian9-mipsel-20231215-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
20-12-2023 17:54
Behavioral task
behavioral1
Sample
fdfdcab48454fe15fbb5d6f371efc14c
Resource
debian9-mipsel-20231215-en
debian-9-mipsel
4 signatures
150 seconds
General
-
Target
fdfdcab48454fe15fbb5d6f371efc14c
-
Size
75KB
-
MD5
fdfdcab48454fe15fbb5d6f371efc14c
-
SHA1
8e56739d8a9b146d4adef73eb4ff3084d8378a52
-
SHA256
5806b2ef309f4a64e758be9aec585ab837ef10641451f18126f799722626bb06
-
SHA512
1bfb905005738f0eb60bbf26e2483823c8b6a879247135f6c7de4db2146adca4742d50513d8398a570591cbf7d68c8d4e64315e30600ecf5113e1758fa49b3d0
-
SSDEEP
1536:tAL4lj6y0ZYft7ScEq7QhQNEBQ79gsS8e:tAij6yIFq7jBw
Score
9/10
Malware Config
Signatures
-
Contacts a large (177897) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
description | ioc
File opened for modification | /dev/watchdog
File opened for modification | /dev/misc/watchdog
-
Writes file to system bin folder 1 TTPs 2 IoCs
Processes:
description | ioc
File opened for modification | /sbin/watchdog
File opened for modification | /bin/watchdog