Analysis

  • max time kernel
    146s
  • max time network
    147s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20231222-en
  • resource tags
    arch:mipsel
    image:debian9-mipsel-20231222-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mipsel
    system
  • submitted
    07/01/2024, 19:21

General

  • Target

    496ab6a71f591eab216adbcea5b41c33.elf

  • Size

    89KB

  • MD5

    496ab6a71f591eab216adbcea5b41c33

  • SHA1

    fb28a02d8866e03846d168b87e55b68e64df1fbe

  • SHA256

    2924c4612219d7c23e1b3f8aea54ef77236e1b336c0763f71253adf6df39da44

  • SHA512

    b3453da355ec2a31f332eca663e80ed445f92b9bff5a94941948c6cfb628069d23b1471dadc38468ea3b42c9b21b4220af6ba12bb7d46a12abdc09673e666083

  • SSDEEP

    1536:NYCYxrXP40ODyPwHRQ9PlzTRfyToNoZqFi:qCYxrKDy46Ne

Score
9/10

Malware Config

Signatures

  • Contacts a large number (19737) of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Creates a large number of network flows (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality (1 TTP, 2 IoCs)

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets (1 TTP, 1 IoC)

    Gets active TCP sockets from the /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Reads system network configuration (1 TTP, 1 IoC)

    Uses contents of the /proc filesystem to enumerate network settings.

  • Reads runtime system information (40 IoCs)

    Reads data from the /proc virtual filesystem.

Processes

  • /tmp/496ab6a71f591eab216adbcea5b41c33.elf
    Command line: /tmp/496ab6a71f591eab216adbcea5b41c33.elf
    PID: 736

Network

MITRE ATT&CK Enterprise v15