Analysis
max time kernel: 148s
max time network: 152s
platform: debian-9_mips
resource: debian9-mipsbe-20240729-en
resource tags: arch:mips, image:debian9-mipsbe-20240729-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 25-09-2024 13:33
Behavioral task   Sample                   Resource
behavioral1       27960730119663739        ubuntu1804-amd64-20240611-en
behavioral2       27960730119663739        debian9-armhf-20240729-en
behavioral3       27960730119663739        debian9-mipsbe-20240611-en
behavioral4       27960730119663739        debian9-mipsel-20240611-en
behavioral5       32825050225637941        debian9-mipsbe-20240729-en
behavioral6       35616602442412040        debian9-armhf-20240611-en
behavioral7       40378277128495512        ubuntu1804-amd64-20240611-en
behavioral8       40378277128495512        debian9-armhf-20240729-en
behavioral9       40378277128495512        debian9-mipsbe-20240611-en
behavioral10      40378277128495512        debian9-mipsel-20240418-en
behavioral11      45331149853509989.apk    android-x86-arm-20240624-en
behavioral12      45331149853509989.apk    android-x64-20240624-en
behavioral13      45331149853509989.apk    android-x64-arm64-20240624-en
behavioral14      56618521379097511        debian12-armhf-20240729-en
behavioral15      99971917023891412.exe    win7-20240903-en
General
Target: 32825050225637941
Size: 71KB
MD5: 1b2d3d937052ac1d989a7e5bfd9d28f6
SHA1: 5979c7ac4862133628386135a845893d38e218bb
SHA256: 718cb76210b528fe1eddf533a352a2f4583957a0f4144a9b6389c600273bf6be
SHA512: 89f454a499a1e6e3010a57315f9ed11324813b39638fcc843778c75e163c85bd36d8d0b32839487c7979cf194dd99a7e0451ab03bb31257eb257453782bd1489
SSDEEP: 768:TLGl3o5UaqLQqeuuBLvDn9N1FdVtlb/T3etCj/zGxcLso+kw6R2CC76t16v219/A:TD5bdw6Q77yd5Lehk0oXAH
Malware Config
Signatures

Deletes itself (1 IoCs)
pid    Process
726    32825050225637941

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description                     ioc                    Process
File opened for modification    /dev/watchdog          32825050225637941
File opened for modification    /dev/misc/watchdog     32825050225637941

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name (4 IoCs)
description                                                         ioc        pid
Changes the process name, possibly in an attempt to hide itself    bash       727
Changes the process name, possibly in an attempt to hide itself    nginx      728
Changes the process name, possibly in an attempt to hide itself    inetd      729
Changes the process name, possibly in an attempt to hide itself    systemd    730