aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f

Analysis

max time kernel
150s
max time network
152s
platform
debian-9_mips
resource
debian9-mipsbe-20240418-en
resource tags

arch:mipsimage:debian9-mipsbe-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
10/07/2024, 02:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
Size

66KB
MD5

7d09a3304410fb2ea3c70ae717e480f6
SHA1

23914a64818a5f4521c92cd2d9516c012809fda2
SHA256

aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f
SHA512

362ee1abb3c18f8b436aa244618b50515d6d14c171a9294aa0c3f6453e6a73465a1075463bf84ef6e51da296e6c77e38719b5a34f999ba8810415c7d527daf0f
SSDEEP

1536:e67aXAxkWWN7TzVGwCw0Zoo6wqk13lcWsaMRaUS2jlXPsW9Q:H75xknN3cbw0ZooZWaqS2jNPJa

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (135388) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for modification	/dev/misc/watchdog	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/var/Sofia	738	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/743/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/74/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/229/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/420/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/752/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/71/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/330/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/741/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/20/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/36/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/245/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/379/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/799/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/7/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/22/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/82/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/123/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/730/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/2/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/12/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/17/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/75/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/37/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/698/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/4/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/21/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/705/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/731/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/742/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/76/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/172/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/803/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/153/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/737/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/328/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/359/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/385/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/671/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/735/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/14/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/73/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/15/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/16/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/24/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/67/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/72/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/667/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/8/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/11/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/736/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/13/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/23/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/327/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/381/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/3/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/6/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/19/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/109/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/156/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/332/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/701/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/733/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/9/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
File opened for reading	/proc/10/cmdline	aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf

/tmp/aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
/tmp/aeb8b66777f57847eea1082d897750ea9b90ae87eff955709be3b91c4572299f.elf
1⤵
- Modifies Watchdog functionality
- Changes its process name
- Reads runtime system information
PID:738

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads