Analysis
-
max time kernel
146s -
max time network
147s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20231222-en -
resource tags
arch:mipselimage:debian9-mipsel-20231222-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem -
submitted
07/01/2024, 19:21
Behavioral task
behavioral1
Sample
496ab6a71f591eab216adbcea5b41c33.elf
Resource
debian9-mipsel-20231222-en
General
-
Target
496ab6a71f591eab216adbcea5b41c33.elf
-
Size
89KB
-
MD5
496ab6a71f591eab216adbcea5b41c33
-
SHA1
fb28a02d8866e03846d168b87e55b68e64df1fbe
-
SHA256
2924c4612219d7c23e1b3f8aea54ef77236e1b336c0763f71253adf6df39da44
-
SHA512
b3453da355ec2a31f332eca663e80ed445f92b9bff5a94941948c6cfb628069d23b1471dadc38468ea3b42c9b21b4220af6ba12bb7d46a12abdc09673e666083
-
SSDEEP
1536:NYCYxrXP40ODyPwHRQ9PlzTRfyToNoZqFi:qCYxrKDy46Ne
Malware Config
Signatures
-
Contacts a large (19737) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc File opened for modification /dev/watchdog File opened for modification /dev/misc/watchdog -
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
description ioc File opened for reading /proc/net/tcp -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description ioc File opened for reading /proc/net/tcp -
Reads runtime system information 40 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/720/fd File opened for reading /proc/706/exe File opened for reading /proc/377/fd File opened for reading /proc/438/fd File opened for reading /proc/679/fd File opened for reading /proc/686/fd File opened for reading /proc/152/fd File opened for reading /proc/396/fd File opened for reading /proc/682/exe File opened for reading /proc/682/fd File opened for reading /proc/706/fd File opened for reading /proc/723/exe File opened for reading /proc/808/exe File opened for reading /proc/725/exe File opened for reading /proc/726/exe File opened for reading /proc/352/fd File opened for reading /proc/391/fd File opened for reading /proc/721/fd File opened for reading /proc/739/fd File opened for reading /proc/729/fd File opened for reading /proc/737/exe File opened for reading /proc/685/exe File opened for reading /proc/720/exe File opened for reading /proc/263/fd File opened for reading /proc/350/fd File opened for reading /proc/355/fd File opened for reading /proc/392/fd File opened for reading /proc/679/exe File opened for reading /proc/1/fd File opened for reading /proc/351/fd File opened for reading /proc/685/fd File opened for reading /proc/737/fd File opened for reading /proc/800/exe File opened for reading /proc/744/exe File opened for reading /proc/758/exe File opened for reading /proc/796/exe File opened for reading /proc/175/fd File opened for reading /proc/740/fd File opened for reading /proc/438/exe File opened for reading /proc/686/exe