Analysis
-
max time kernel
151s -
max time network
152s -
platform
debian-9_armhf -
resource
debian9-armhf-20231222-en -
resource tags
-
submitted
18/02/2024, 17:41
General
-
Target
49fba2ed3b8a96a9d656267559e404c6.elf
-
Size
62KB
-
MD5
49fba2ed3b8a96a9d656267559e404c6
-
SHA1
c5bba3c2a8038fea94b94eeda4454ce13e292bed
-
SHA256
a31ed483553048c95a4e14ac6ffb7b138020cb85f4a999ae2dc2372f987685d3
-
SHA512
7d3e3eb9027633611c4336b50cd78bcf446e442cbc24c5d55ff43e304922cbe737c37317c8610a87d8ab0aa58e6ea0fc2e0fe1ffd0e4513afcc382b8a905e919
-
SSDEEP
768:zHnEczUZv4tZy6hQfyjXI8CMRxYVsx/DeiZvspz1Y3W7wCVy/Jx+5H8hG1rmCd/p:rEFZEZyjyj48NCiZvsphYceZWTMWCBf
Malware Config
Signatures
-
Contacts a large (40623) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Deletes itself 1 IoCs
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 2 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 2 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 51 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/49fba2ed3b8a96a9d656267559e404c6.elf/tmp/49fba2ed3b8a96a9d656267559e404c6.elf1⤵
- Deletes itself
- Enumerates active TCP sockets
- Reads system network configuration
- Writes file to tmp directory