Overview

overview

9

Static

static

1

na.elf

debian-9-mips

9

Analysis

  • max time kernel
    127s
  • max time network
    145s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    10-10-2024 06:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    na.elf

  • Size

    70KB

  • MD5

    a089784465bf00170de07fba33cfcd64

  • SHA1

    70232249f8aa23657b401c2b87dfc1d8bd0b145a

  • SHA256

    f2215fa6d1b7eb3e43fd85348f1feba29e09e129de4cb7c3596ae7d270d6916f

  • SHA512

    46775d5c61bf12ee3d3c6f1508e9e58da316941224431b85f5007db0007670026de9510c08b848ce581e74ece78a21639d1ae549106fbd823f931a2d7238d38c

  • SSDEEP

    768:HAyrRVLCJKFJMOoQZSW7HSIHu3VO5UkMXqMh8K8wTmuqqr/kBIutcDsugutcDsF5:HkaoQXvO3VOYmkkvdWjKohLdTz

Score
9/10
credential_accessdefense_evasiondiscoveryevasion

Malware Config

Signatures

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Deletes system logs 1 TTPs 1 IoCs

    Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

    evasion
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion
  • Renames itself 1 IoCs
  • Deletes log files 1 TTPs 1 IoCs

    Deletes log files on the system.

    defense_evasion
  • Reads process memory 1 TTPs 1 IoCs

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  • Changes its process name 1 IoCs

Processes

  • /tmp/na.elf
    /tmp/na.elf
    1⤵
    • Deletes system logs
    • Modifies Watchdog functionality
    • Renames itself
    • Deletes log files
    • Reads process memory
    • Changes its process name
    PID:698

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads