Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240226-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    19-04-2024 15:50

General

  • Target

    f3f909238b26928d0587e272fc702866.elf

  • Size

    97KB

  • MD5

    f3f909238b26928d0587e272fc702866

  • SHA1

    aa2a80dc9db8553ea5e17958130662955ade4e10

  • SHA256

    7452a8cd6d737917f4d19adcef67e8cc47b643da9d703a37fb2af6644a78edc1

  • SHA512

    2b09a7fd4391dd9bc48314eaaa75a40eabe8b7332099da2525193cb5f79a0b8d654de0d668fc35806f8fe45bdfa21095f1411c9fe29cbf85eb605bee6d154085

  • SSDEEP

    1536:8wPBYpO2CUIO2/M+LIjrqr1oNgfR34b7ZZ/myEhmJ:8yBYpO2rI/u2R3C7gcJ

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Deletes Audit logs 1 TTPs 1 IoCs

    Deletes logs related to the Linux Audit framework.

  • Deletes itself 1 IoCs
  • Deletes system logs 1 TTPs 1 IoCs

    Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Deletes log files 1 TTPs 1 IoCs

    Deletes log files on the system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/f3f909238b26928d0587e272fc702866.elf
    /tmp/f3f909238b26928d0587e272fc702866.elf
    1⤵
    • Changes its process name
    • Deletes itself
    • Modifies Watchdog functionality
    PID:698

Network

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

Indicator Removal

3
T1070

Impair Defenses

1
T1562

Replay Monitor

Loading Replay Monitor...

Downloads