General

  • Target

    85.239.34.237-mips-2024-07-17T210915.elf

  • Size

    193KB

  • Sample

    240717-w8wrtsxajg

  • MD5

    08b3002d9c162675f471ab4763b23b36

  • SHA1

    f5eeb90bec4cde14b8b2d75d93e45477b4725514

  • SHA256

    cbb23949b84aa62946c11b56d78afc437ae26fd8d2fc3e282d581f3b81d5aef6

  • SHA512

    d3c512558ab1d40dfdc105accea258228ba12b4d5c0455e6bbf130de261b75179e73d891c78609f95ebc47f4cbbcb08abe282f8f5b6a6724e41a5fb61d03cf6d

  • SSDEEP

    3072:Amh9xAUoIZuoQB1i6HsxZanjgMtik8uXSizBP5:AmhLAUMbB1CUEMv8oSqP5

Score
10/10

Malware Config

Targets

    • Target

      85.239.34.237-mips-2024-07-17T210915.elf

    Score
    9/10
    • Contacts a large number (1705162) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Writes file to system bin folder

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                     Count  ID
  Persistence           Hijack Execution Flow         1      T1574
  Privilege Escalation  Hijack Execution Flow         1      T1574
  Defense Evasion       Impair Defenses               1      T1562
  Defense Evasion       Hijack Execution Flow         1      T1574
  Discovery             Network Service Discovery     2      T1046
  Discovery             System Information Discovery  1      T1082

Tasks