908bf09f36f8e791bc8b1722d0cb4628e309723d289adcae0d8d5fa7b4609a88

Analysis

max time kernel
150s
max time network
151s
platform
debian-9_armhf
resource
debian9-armhf-20231221-en
resource tags

arch:armhfimage:debian9-armhf-20231221-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
13-02-2024 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

908bf09f36f8e791bc8b1722d0cb4628e309723d289adcae0d8d5fa7b4609a88.elf
Size

30KB
MD5

f4f5d3a3222b8673f3f1a58b992cbbb2
SHA1

10de659e01e85d33a301efd6f4a9c80973fd5496
SHA256

908bf09f36f8e791bc8b1722d0cb4628e309723d289adcae0d8d5fa7b4609a88
SHA512

a94f443b59a167b3a4f22e0ae431fd66a7f5bc74f4070158325e0d0ddda3925177378c8a9d6c3a5ac73e475c6613d336b2015835cbe76db83ae796150845be3f
SSDEEP

768:w0XLTh64cGEzTgvxk4SkSqXY7EKs3UozD:TXLt643Y+v7YIHzD

Score

7^/10

Malware Config

Signatures

Flushes firewall rules 4 IoCs

Flushes/ disables firewall rules inside the Linux kernel.

pid	Process
681	iptables
692	iptables
696	iptables
697	iptables

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc
File opened for modification	/dev/watchdog
File opened for modification	/dev/misc/watchdog

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

description	ioc	Process
File opened for modification	/etc/resolv.conf	908bf09f36f8e791bc8b1722d0cb4628e309723d289adcae0d8d5fa7b4609a88.elf

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/exe	908bf09f36f8e791bc8b1722d0cb4628e309723d289adcae0d8d5fa7b4609a88.elf

/tmp/908bf09f36f8e791bc8b1722d0cb4628e309723d289adcae0d8d5fa7b4609a88.elf
/tmp/908bf09f36f8e791bc8b1722d0cb4628e309723d289adcae0d8d5fa7b4609a88.elf
1⤵
- Writes DNS configuration
- Reads runtime system information
PID:666

/sbin/iptables
iptables -P INPUT ACCEPT
1⤵
PID:671

/sbin/iptables
iptables -P FORWARD ACCEPT
1⤵
PID:677

/sbin/iptables
iptables -P OUTPUT ACCEPT
1⤵
PID:679

/sbin/iptables
iptables -t nat -F
1⤵
- Flushes firewall rules
PID:681

/sbin/iptables
iptables -t mangle -F
1⤵
- Flushes firewall rules
PID:692

/sbin/iptables
iptables -F
1⤵
- Flushes firewall rules
PID:696

/sbin/iptables
iptables -X
1⤵
- Flushes firewall rules
PID:697

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/666-1-0x00008000-0x0002ecf4-memory.dmp

Download