Analysis

max time kernel: 153s
max time network: 156s
platform: debian-9_armhf
resource: debian9-armhf-20231215-en
resource tags: arch:armhf, image:debian9-armhf-20231215-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 04-01-2024 01:20
Behavioral task: behavioral1
Sample: 832aaeebe836290917751917d95614dee04051b970be82fd498fc5f403bf3998.elf
Resource: debian9-armhf-20231215-en
General

Target: 832aaeebe836290917751917d95614dee04051b970be82fd498fc5f403bf3998.elf
Size: 128KB
MD5: 5f0d3e7c0d7b104e6b8538a0d265d229
SHA1: e9a1c67b3aff6282344fd63906b6683342b1304d
SHA256: 832aaeebe836290917751917d95614dee04051b970be82fd498fc5f403bf3998
SHA512: 576a3ca7f03b817ae9950df721e49e2d07c94592a57c25d4475aa7e88002e3a7df49222e4add86877002470634e88cf2e946726c22d0ce39caccf552c216d602
SSDEEP: 3072:/5AzGwNEcN9z9jhSCX/lBmeHmgjgeyPSjUHM/9pmywPoIlq:/5AzGwNl9JECX/lB9mhFPSjsM/9pmyw4
Malware Config
Signatures
- Contacts a large (46826) number of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large number of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Changes its process name (1 IoC)
  Processes: 832aaeebe836290917751917d95614dee04051b970be82fd498fc5f403bf3998.elf
  description | ioc | pid | process
  Changes the process name, possibly in an attempt to hide itself | ujipriaq87fzlg4hd1c5a7tw | 666 | 832aaeebe836290917751917d95614dee04051b970be82fd498fc5f403bf3998.elf
- Modifies Watchdog functionality (1 TTP, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  Processes:
  description | ioc
  File opened for modification | /dev/watchdog
  File opened for modification | /dev/misc/watchdog
- Writes file to system bin folder (1 TTP, 1 IoC)