Analysis

  • max time kernel
    1s
  • max time network
    28s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20231222-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20231222-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    08/01/2024, 03:42

General

  • Target

    1e813727174a3135165ef0fa74664f5305527c64a5a52da61bcfa30f8053373d.elf

  • Size

    98KB

  • MD5

    ce006232d9983334aead018d7ae064de

  • SHA1

    a4f029dba18263c08a8f6225017e023840a25daf

  • SHA256

    1e813727174a3135165ef0fa74664f5305527c64a5a52da61bcfa30f8053373d

  • SHA512

    1f59307e9ec0ac0c6e4dde6a2626a02237d39890b27bfd3b065b856948fcbb25a72ac75fd87142272f7a8135b0607394ad0b358d9ef257d0d5533d6abab862c7

  • SSDEEP

    1536:pxv8kk3+je7JiMNN96M967v96Mdy+kJ2cXborlekZqzsA:7kkk36e7BD+kJvr+uzsA

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/1e813727174a3135165ef0fa74664f5305527c64a5a52da61bcfa30f8053373d.elf
    /tmp/1e813727174a3135165ef0fa74664f5305527c64a5a52da61bcfa30f8053373d.elf
    1⤵
    • Changes its process name
    • Modifies Watchdog functionality
    PID:708

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads