Analysis
-
max time kernel
151s
-
max time network
156s
-
platform
debian-9_mips
-
resource
debian9-mipsbe-20231215-en
-
resource tags
arch:mips image:debian9-mipsbe-20231215-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
-
submitted
07-02-2024 14:37
Behavioral task
behavioral1
Sample
420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a.elf
Resource
debian9-mipsbe-20231215-en
General
-
Target
420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a.elf
-
Size
267KB
-
MD5
ecca94847737a4a0f081c17988ed76c0
-
SHA1
364ae8ee32048ecf902501bfb1a7ae0b4201ad5e
-
SHA256
420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a
-
SHA512
6cb1214ac592fc2772126b68c036b52bf79ac54e0ecacf45f819f2b9e9a50ae671c608a4a5c6af9e3b1bedb64ebac5c654b9a873364ec12191391b34ea6d9467
-
SSDEEP
3072:4jUJ6jNDUR3H4AJ5R9QQZ9AAbVqhlE7hMkxh9ngv1iKGAMP80bjVM:rMjR+9jpIqqhXYOv1iKGAMP80bjm
Malware Config
Signatures
-
Contacts a large (89758) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
description | ioc
File opened for modification | /dev/watchdog
File opened for modification | /dev/misc/watchdog
-
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Processes:
420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a.elf
description | ioc | Process
File opened for modification | /etc/crontab | 420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a.elf
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Processes:
description | ioc
File opened for reading | /proc/711/exe