General

  • Target

    na.elf

  • Size

    95KB

  • Sample

    241006-we54ea1dkf

  • MD5

    61f1f712dbc8ddb751f3e46718bdd403

  • SHA1

    4c0371ea9e53353cc358807dff94d2545aa9d97a

  • SHA256

    a287247c8e596443e0072d2b8e4f37f5f995640f9795ea900510869535bf1290

  • SHA512

    5bacfc2406441a9f4a0981da585a1c35973a854d4e8cbd122ef3b489da74aba0c5c1c8fcb1d4d20030438766fc0dbb2f861bf33a63848778230b11a72fb6e3d0

  • SSDEEP

    1536:wUomu8T6Wv45AaLSYBocR72Z6yfhauGUvxtVl2fWbcefGiyfh:ju2bve4YbRe6yfMuHtVl2fWbce+9h

Targets

    • Target

      na.elf

    • Contacts a large (251290) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.
