Overview

overview

10

Static

static

10

jade.arm6.elf

debian-12-armhf

9

Resubmissions

09/08/2024, 23:56

240809-3y2cwswbnj 10

09/08/2024, 11:08

240809-m8jmtszdnr 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    jade.arm6.elf

  • Size

    150KB

  • Sample

    240809-3y2cwswbnj

  • MD5

    17699adace26551051413833368ff9e5

  • SHA1

    c5edd39073106e6d081f7295ae0c1d52854c1e27

  • SHA256

    ae1fb53e0df886e52db23d39470cb6d2019582173ea8ec0c150c7dc3290896dc

  • SHA512

    e674a6ab54ecb25eca0bbd8216a7bf260dfcb4ebec8643b56524ecc65fdade4ec79812b64cc63cfce9576b446763db31315b6d16b6403a5e7b9f6f45441ab4fe

  • SSDEEP

    3072:yQPdLQaxeqUwae7idzNd+0bBG3MRdV8uX1iFxVtTLWe:yQ1LQ2erx+0bBG34dRX1iFxVhWe

Score
10/10
echobotmiraidiscovery

Malware Config

Targets

    • Target

      jade.arm6.elf

    • Size

      150KB

    • MD5

      17699adace26551051413833368ff9e5

    • SHA1

      c5edd39073106e6d081f7295ae0c1d52854c1e27

    • SHA256

      ae1fb53e0df886e52db23d39470cb6d2019582173ea8ec0c150c7dc3290896dc

    • SHA512

      e674a6ab54ecb25eca0bbd8216a7bf260dfcb4ebec8643b56524ecc65fdade4ec79812b64cc63cfce9576b446763db31315b6d16b6403a5e7b9f6f45441ab4fe

    • SSDEEP

      3072:yQPdLQaxeqUwae7idzNd+0bBG3MRdV8uX1iFxVtTLWe:yQ1LQ2erx+0bBG34dRX1iFxVhWe

    Score
    9/10
    discovery

    • Contacts a large (18530) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks