General

  • Target

    jade.mips.elf

  • Size

    140KB

  • Sample

    240821-qrvkjs1bpa

  • MD5

    e2cb67fdc214be07e95c936c47fcb92a

  • SHA1

    b0dbc592fcfb9c70ee06bc004a2dd9c01da500ad

  • SHA256

    68ee723f8a812a0712cc4b58830e5138bdded389d3f62a8e13dda881cd2d4eda

  • SHA512

    129412a0c621f76bcc1e32cbe6dbe314b99bdd365e4d0b17f7744d2f550e6430f4896e747794ece88b1b9f56c411ad847c19ab52610de9dad56a4d9e944dc807

  • SSDEEP

    3072:jw0VJD/eGdUAHj11b68XD4QJkY7Zozo9Rc431abeZiNL/43P:jw0VJD/eGdUAHj11b68XD4QJkY7Z59RJ

Score
10/10

Targets

    • Target

      jade.mips.elf

    Score
    9/10
    • Contacts a large (218841) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.
