General

  • Target

    na.elf

  • Size

    123KB

  • Sample

    241010-hwvr4s1ala

  • MD5

    ffa10038353177481db7ade52635ff24

  • SHA1

    526d7ad8f5099aed534d33865be077c73195ae57

  • SHA256

    10e60ddb3c9d4d49ea2f8d3367251b2fc6184c09045f2280eabbef445bd69c21

  • SHA512

    bac76a82bfc56025b003f95165652e41ec4d089eaa575736d924de1d7f24b5e4123d5c681898e5b3c12c4014a1a1428d62067e08c96b1e14cbc9b882499c363e

  • SSDEEP

    3072:WlfO5f2sciAFutKj+8jO7a6X5mdV+dXFzqwqu/s:kfOh2Ret2O7a6X5mdVSXTH/s

Targets

    • Target

      na.elf

    • Contacts a large number (178925) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
