88bd698fe120b22aaacbe3501a5b595524e1175907f33b6025d6b0ec3c6005fd | Triage

Submit
Reports

Overview

overview

7

Static

static

1

d6511093c9...85.elf

debian-9-mips

7

Sharing

Copy URL Twitter E-mail

General

Target

bf89e1028871c85f40372e5943204c12.bin
Size

77KB
Sample

240819-b7dvea1bnp
MD5

26a116b27c85e467616c0fa78f04f912
SHA1

4db3d227d18927c60d3ec0dbf4d8bf4a261384d3
SHA256

88bd698fe120b22aaacbe3501a5b595524e1175907f33b6025d6b0ec3c6005fd
SHA512

1fffe754d103676a83748271d24490f95e29c0f9d4119e3c7c52e94fb56180a3c27af7f08cb912cc7c8405532517c6b5fbae6b100cb2522fa3c86a6978c2d5fd
SSDEEP

1536:Hrpf3qR8yQGpiKq2K8boV77l2nULlBSEMcWC4Z0wegqyDa:H1vqXrc8boBIS4i4ZPqyDa

Score

7^/10

antivm persistence

Static task

static1

Behavioral task

behavioral1

Sample

d6511093c90e89b7a3593377a3019f6be439b45e33bf6ce05e05b622f6bad985.elf

Resource

debian9-mipsbe-20240418-en

antivm persistence

debian-9-mips

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  d6511093c90e89b7a3593377a3019f6be439b45e33bf6ce05e05b622f6bad985.elf
- Size
  
  159KB
- MD5
  
  bf89e1028871c85f40372e5943204c12
- SHA1
  
  3f685e86c87ba2a8edb1c31c668b21aa3797095d
- SHA256
  
  d6511093c90e89b7a3593377a3019f6be439b45e33bf6ce05e05b622f6bad985
- SHA512
  
  5c8db103c8312c726a07b6c178324d308c4ca7f8552f5693e952842e289cb2062bd268eac5c0052adf9ea9d1f677658a1edeb07a9c65f01da7834536620b8501
- SSDEEP
  
  3072:D/sOo/GbAYBIHikRkfmpe39KRPcyfa8IsyKsGhjB5l:DJjYHjkfaetmbNyK19Hl
Score

7^/10

antivm persistence
- Executes dropped EXE
- Flushes firewall rules
  Flushes/ disables firewall rules inside the Linux kernel.
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks mountinfo of local process
  Checks mountinfo of running processes which indicate if it is running in chroot jail.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

antivmpersistence

© 2018-2025

Terms | Privacy