Overview

overview

10

Static

static

10

27960730119663739

ubuntu-18.04-amd64

27960730119663739

debian-9-armhf

27960730119663739

debian-9-mips

27960730119663739

debian-9-mipsel

32825050225637941

debian-9-mips

7

35616602442412040

debian-9-armhf

6

40378277128495512

ubuntu-18.04-amd64

40378277128495512

debian-9-armhf

40378277128495512

debian-9-mips

40378277128495512

debian-9-mipsel

45331149853509989.apk

android-9-x86

1

45331149853509989.apk

android-10-x64

1

45331149853509989.apk

android-11-x64

1

56618521379097511

debian-12-armhf

7

99971917023891412.exe

windows7-x64

10

99971917023891412.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240729-en
  • resource tags

    arch:armhfimage:debian12-armhf-20240729-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
  • submitted
    25-09-2024 13:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    56618521379097511

  • Size

    191KB

  • MD5

    1e93874a2e62119775e545c413b6c168

  • SHA1

    33e471c1622ef34d4d3e681a570af22b4a17bd19

  • SHA256

    2d894d197ce20ac34f74d35eafb11605efc3dc6ea286dd6c1a2f3542bf75db21

  • SHA512

    7f8b606aff6319104392436628485365cf2de94b9dcddca5dc0c596120a1b46ea3ceea8a903f8b0e027e457b6f79dd8125e11108390c6fe25dace28dd5c939d3

  • SSDEEP

    3072:K+Ag8mGa4ybxHot+ykaTs/eNBHONTEfIg6tLUbt8k8iKkoEM/9y2VLXmFj35VTK:K+ZQapl5aTs/eNBHOREEypKkrM/9y2RT

Score
7/10
credential_accessdefense_evasiondiscovery

Malware Config

Signatures

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion
  • Unexpected DNS network traffic destination 64 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory 1 TTPs 64 IoCs

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

    discovery

Processes

  • /tmp/56618521379097511
    /tmp/56618521379097511
    1⤵
    • Modifies Watchdog functionality
    • Reads process memory
    • Reads runtime system information
    PID:758

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads