6c7e5641ef487524708c94c585d8575bee343c25e1fabcb2b49e9ae26849e5f7

Analysis

max time kernel
36s
max time network
55s
platform
debian-9_mips
resource
debian9-mipsbe-20240226-en
resource tags

arch:mipsimage:debian9-mipsbe-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
29/02/2024, 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c7e5641ef487524708c94c585d8575bee343c25e1fabcb2b49e9ae26849e5f7.elf
Size

123KB
MD5

bae0c9d003927c8a3d45bc9c037375f7
SHA1

8eeb9e9c7adbab720d41a9f9be11b36a60a6e43d
SHA256

6c7e5641ef487524708c94c585d8575bee343c25e1fabcb2b49e9ae26849e5f7
SHA512

386bafce421a1e1d5881a0d4c2dbdfa0f58c5b46b85130862f976f076e04e9f3f2488be19c1415b9ef71ded6bd6aeed980677c5776a8035594ba7e5333e14ad4
SSDEEP

3072:0rG6r/Jvx96mBPYEHL7Tg1UjBEEGUBGxIr7M+jQ199n:qGw/Fx9ZBPtL756Gkf99n

Score

7^/10

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc
File opened for modification	/dev/misc/watchdog
File opened for modification	/dev/watchdog

Enumerates running processes
Discovers information about currently running processes on the system

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery

T1016

description	ioc	Process
File opened for reading	/proc/net/route	6c7e5641ef487524708c94c585d8575bee343c25e1fabcb2b49e9ae26849e5f7.elf

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc	Process
File opened for reading	/proc/net/route	6c7e5641ef487524708c94c585d8575bee343c25e1fabcb2b49e9ae26849e5f7.elf

Reads runtime system information 31 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/373/exe
File opened for reading	/proc/536/exe
File opened for reading	/proc/235/exe
File opened for reading	/proc/115/exe
File opened for reading	/proc/151/exe
File opened for reading	/proc/359/exe
File opened for reading	/proc/69/exe
File opened for reading	/proc/76/exe
File opened for reading	/proc/327/exe
File opened for reading	/proc/374/exe
File opened for reading	/proc/68/exe
File opened for reading	/proc/77/exe
File opened for reading	/proc/81/exe
File opened for reading	/proc/106/exe
File opened for reading	/proc/587/exe
File opened for reading	/proc/73/exe
File opened for reading	/proc/82/exe
File opened for reading	/proc/166/exe
File opened for reading	/proc/71/exe
File opened for reading	/proc/78/exe
File opened for reading	/proc/382/exe
File opened for reading	/proc/584/exe
File opened for reading	/proc/72/exe
File opened for reading	/proc/145/exe
File opened for reading	/proc/329/exe
File opened for reading	/proc/362/exe
File opened for reading	/proc/395/exe
File opened for reading	/proc/84/exe
File opened for reading	/proc/116/exe
File opened for reading	/proc/360/exe
File opened for reading	/proc/74/exe

/tmp/6c7e5641ef487524708c94c585d8575bee343c25e1fabcb2b49e9ae26849e5f7.elf
/tmp/6c7e5641ef487524708c94c585d8575bee343c25e1fabcb2b49e9ae26849e5f7.elf
1⤵
- Reads system routing table
- Reads system network configuration
PID:701

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads