Analysis
max time kernel: 36s
max time network: 55s
platform: debian-9_mips
resource: debian9-mipsbe-20240226-en
resource tags: arch:mips, image:debian9-mipsbe-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 29/02/2024, 05:30
Behavioral task: behavioral1
Sample: 6c7e5641ef487524708c94c585d8575bee343c25e1fabcb2b49e9ae26849e5f7.elf
Resource: debian9-mipsbe-20240226-en
General
Target: 6c7e5641ef487524708c94c585d8575bee343c25e1fabcb2b49e9ae26849e5f7.elf
Size: 123KB
MD5: bae0c9d003927c8a3d45bc9c037375f7
SHA1: 8eeb9e9c7adbab720d41a9f9be11b36a60a6e43d
SHA256: 6c7e5641ef487524708c94c585d8575bee343c25e1fabcb2b49e9ae26849e5f7
SHA512: 386bafce421a1e1d5881a0d4c2dbdfa0f58c5b46b85130862f976f076e04e9f3f2488be19c1415b9ef71ded6bd6aeed980677c5776a8035594ba7e5333e14ad4
SSDEEP: 3072:0rG6r/Jvx96mBPYEHL7Tg1UjBEEGUBGxIr7M+jQ199n:qGw/Fx9ZBPtL756Gkf99n
Malware Config
Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description                     ioc
File opened for modification    /dev/misc/watchdog
File opened for modification    /dev/watchdog

Enumerates running processes
Discovers information about currently running processes on the system

Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
description                ioc                Process
File opened for reading    /proc/net/route    6c7e5641ef487524708c94c585d8575bee343c25e1fabcb2b49e9ae26849e5f7.elf

Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description                ioc                Process
File opened for reading    /proc/net/route    6c7e5641ef487524708c94c585d8575bee343c25e1fabcb2b49e9ae26849e5f7.elf

Reads runtime system information 31 IoCs
Reads data from /proc virtual filesystem.