General

  • Target

    dc8c4b56f61f7132ef137f8b893facd6490bf78150a23bf752d96e9ad23a8bd6.zip

  • Size

    58KB

  • Sample

    240822-xcrnnssalg

  • MD5

    33aec892523569a37e0c6c012ff6013d

  • SHA1

    d354d663704629701ec653e2a47ad5df7abfef8a

  • SHA256

    7724bdf18f18f7ddc1adf4c0f8c62ebe0575ba8b5b26bd18430bf7516d7ae373

  • SHA512

    845a1496a4ce73c927516b46d71c8b56a1a5fff475326c1e00319eb8b4aba99550dfa43720665cbff8b0605fa285802221e25c2f8cb55e0d305169c307a08bd2

  • SSDEEP

    1536:LDtMA0ETY+BevG+EWlyovJSgeNA8vbrmyhO4l:PtMA0udevGC/Jr8vmMxl

Score
7/10

Targets

    • Target

      dc8c4b56f61f7132ef137f8b893facd6490bf78150a23bf752d96e9ad23a8bd6.elf

    • Size

      129KB

    • MD5

      807d8c7fa35919155213b01094b19d9f

    • SHA1

      c04e211c4ee20c481358cb50d43fa68dcfd91bb0

    • SHA256

      dc8c4b56f61f7132ef137f8b893facd6490bf78150a23bf752d96e9ad23a8bd6

    • SHA512

      61b9fb07bc486cd547476734b5614d905148290b212b302cbdca449755804ab58a9d0ebf598af6f83049d4eaf3562bb063caae5f4bc9d07f10ab310b8f047c39

    • SSDEEP

      3072:dGLpT+FfqaOEUw0HJZ9rHry/axPZTq2auM/93iIZ:dGFTkqa7Uw0HJZdH1VZTq2jM/93i6

    Score
    7/10
    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Traces itself

      Traces itself to prevent debugging attempts.

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Writes file to system bin folder
