Analysis
-
max time kernel
50s -
max time network
155s -
platform
debian-12_mipsel -
resource
debian12-mipsel-20240221-en -
resource tags
-
submitted
18/08/2024, 18:47
General
-
Target
6d232ad69461b6bf73ffd6b69825ece6678462fb5eeed39da08b3839d2f052b7
-
Size
197KB
-
MD5
8a5bddc9b0d4cad084c360ec50b587af
-
SHA1
e02e9015063ac7a068b40d775a66e56aaf85abfe
-
SHA256
6d232ad69461b6bf73ffd6b69825ece6678462fb5eeed39da08b3839d2f052b7
-
SHA512
d4f951a12f33b4b5112008559b7d9ae46796d4fc8bc2fe0c583893c0370b8a25cb071f3982c80279821d9c3ed9a146c552d95f4e2cd3064f5c757693d78a6aa7
-
SSDEEP
3072:4IQzCxHzdOaoUrFaW3VZXKeIvgY4M4dz12o+A:4IQ+xDouaW3LXKR+M4C
Malware Config
Signatures
-
Contacts a large (198822) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Unexpected DNS network traffic destination 35 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Writes file to system bin folder 1 TTPs 1 IoCs
-
Changes its process name 1 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 3 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Processes
-
/tmp/6d232ad69461b6bf73ffd6b69825ece6678462fb5eeed39da08b3839d2f052b7/tmp/6d232ad69461b6bf73ffd6b69825ece6678462fb5eeed39da08b3839d2f052b71⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Changes its process name
- Enumerates kernel/hardware configuration