2552c8cebe8ba2d5e2ac027d2706dd68a7afe9542f9adac410eef17cfe21109e

Analysis

max time kernel
149s
max time network
153s
platform
debian-12_armhf
resource
debian12-armhf-20240418-en
resource tags

arch:armhfimage:debian12-armhf-20240418-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
14/08/2024, 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2552c8cebe8ba2d5e2ac027d2706dd68a7afe9542f9adac410eef17cfe21109e.elf
Size

128KB
MD5

6a5f71cc8ce9fc844e81a0128bbaf373
SHA1

d0a070391f4776927a0c6119ccda15f7578b1462
SHA256

2552c8cebe8ba2d5e2ac027d2706dd68a7afe9542f9adac410eef17cfe21109e
SHA512

5d90ef4a1b01bacea246e83f0f460963a4588a4a5eb4473fcc62a1bf22476ab28a1b4bbacaa2b401b574fac6090551c7ecfc80986a63af5ffbcf87b6d3b18b23
SSDEEP

3072:sMHPScubW1szNNQSHfFBLkKiKweZ1SlgydxV0wmywPoIlq:sMHPScGKsXQSHfFBIKQySlgQxV0wmyw4

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (54133) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	2552c8cebe8ba2d5e2ac027d2706dd68a7afe9542f9adac410eef17cfe21109e.elf
File opened for modification	/dev/misc/watchdog	2552c8cebe8ba2d5e2ac027d2706dd68a7afe9542f9adac410eef17cfe21109e.elf

Writes file to system bin folder 1 TTPs 1 IoCs

Hijack Execution Flow

T1574

description	ioc	Process
File opened for modification	/sbin/watchdog	2552c8cebe8ba2d5e2ac027d2706dd68a7afe9542f9adac410eef17cfe21109e.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	wxsl2upt870y263xs6ir	712	2552c8cebe8ba2d5e2ac027d2706dd68a7afe9542f9adac410eef17cfe21109e.elf

/tmp/2552c8cebe8ba2d5e2ac027d2706dd68a7afe9542f9adac410eef17cfe21109e.elf
/tmp/2552c8cebe8ba2d5e2ac027d2706dd68a7afe9542f9adac410eef17cfe21109e.elf
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Changes its process name
PID:712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads