General

  • Target

    LVWHL_na.elf

  • Size

    123KB

  • Sample

    241010-hq6meswdkp

  • MD5

    a5563c4f7f5babd86c564554aea383ce

  • SHA1

    4f3fd8bfafc8ad014f159cc7b730a862a6284ad7

  • SHA256

    336d2ba140e98cee45f6f66eb9e3230cff9145a88db69cb8298f0de1a9c6b71d

  • SHA512

    454ae1b9e62603b2037f4c80516ab10cd900c92ae6a51703cff20c1196ba7f3c3b4fcdbdb58cc2492ae1ad524ed6a8d919ec808b4e8ef44e290fd53a39c2db8b

  • SSDEEP

    1536:ufRwvx15eOM5QcdpM72d14znqVQBuPIpoXwZrnJeiPjAfz53sX:um5s5QwM72d+KDPYoXerDjAuX

Malware Config

Targets

    • Target

      LVWHL_na.elf

    • Size

      123KB

    • MD5

      a5563c4f7f5babd86c564554aea383ce

    • SHA1

      4f3fd8bfafc8ad014f159cc7b730a862a6284ad7

    • SHA256

      336d2ba140e98cee45f6f66eb9e3230cff9145a88db69cb8298f0de1a9c6b71d

    • SHA512

      454ae1b9e62603b2037f4c80516ab10cd900c92ae6a51703cff20c1196ba7f3c3b4fcdbdb58cc2492ae1ad524ed6a8d919ec808b4e8ef44e290fd53a39c2db8b

    • SSDEEP

      1536:ufRwvx15eOM5QcdpM72d14znqVQBuPIpoXwZrnJeiPjAfz53sX:um5s5QwM72d+KDPYoXerDjAuX

    • Contacts a large (332033) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Deletes system logs

      Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Renames itself

    • Deletes log files

      Deletes log files on the system.

    • Reads process memory

      Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

MITRE ATT&CK Enterprise v15

Tasks