General

  • Target

    na.elf

  • Size

    73KB

  • Sample

    241010-hnpacswckr

  • MD5

    e51f86619c47dab7600c87664e23b0ed

  • SHA1

    825901e5287199ca971697a30ddb13fa621f95c8

  • SHA256

    5a53c58c88d848f504c13281e62e66d7fed2f7e75a68b0b9f82879c949406795

  • SHA512

    219605cf7a441036b5c8b9e4cc9f757855ee6e26a515c53373775fceb7edba2d87c1698a71b905434104410c0f0341073b03e8e1d4a4e2aeed424756e1dcc34e

  • SSDEEP

    1536:Uknswd9ILtxLmuP7E06hnkehh4R99W/NVnF2lPhiSM7Rkn:gE9ILtsaOmehhu99W/NOBM7A

Targets

    • Target

      na.elf

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port was detected going to servers other than the configured DNS servers.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
