Analysis
-
max time kernel
143s -
max time network
146s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
-
submitted
10-10-2024 06:53
General
-
Target
na.elf
-
Size
74KB
-
MD5
6e64b8522b853b17feed74a1170fbb8b
-
SHA1
282451d78ecbace0efa5169e58132d11237b7e2f
-
SHA256
91a22187062f3ef5b8b5ff190af212bf7105f88ddc26dd5c3952118562bda787
-
SHA512
2ab996a776361f22a24474bbd5f9f71281ad01f054c2bd6e03c907e11334774d0b8d1f3aecc130f6506d6f5c9a0f8c27389cd55854e1689cab36a853a772496b
-
SSDEEP
1536:Y0BRbaEOycqIGBWy+GtQ4DuXUWHCROZKwdS:7BBanycqIGkyHKCRO
Malware Config
Signatures
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Deletes system logs 1 TTPs 2 IoCs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself 1 IoCs
-
Unexpected DNS network traffic destination 4 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Deletes log files 1 TTPs 2 IoCs
Deletes log files on the system.
-
Reads process memory 1 TTPs 1 IoCs
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-
Changes its process name 1 IoCs
Processes
-
/tmp/na.elf/tmp/na.elf1⤵
- Deletes system logs
- Modifies Watchdog functionality
- Renames itself
- Deletes log files
- Reads process memory
- Changes its process name