General

  • Target

    arm7

  • Size

    142KB

  • Sample

    241009-b54ytazfkl

  • MD5

    d694d071d0c9720e41d57bf60c64f5e2

  • SHA1

    51e8fdb23a5e536ffefdc87960270b92abd812a1

  • SHA256

    ab0fe31f61afd3aec83ec9bb3afa5215e4225baa44ba7ecff9075bcb77cd5d07

  • SHA512

    d63b45f3343a75b57f985a7ceb7b64974f64760a3420b9316fc4743e36ca75eb62b4ac6340b9b455ad9bd161d5c1302567e221dff9f494cff35e979988d213cd

  • SSDEEP

    3072:udfoMGIY6PyS2gstrSiFH9Y+SbaPSS47oZ9kQetLEa3kiFNTGve:SZYikSu9Y+u6T47oZ9kQqLEajhGve

Targets

    • Contacts a large (200003) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Writes file to system bin folder
