Analysis
-
max time kernel
107s -
max time network
151s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
-
submitted
10-10-2024 09:22
General
-
Target
na.elf
-
Size
130KB
-
MD5
17e4dae04b6c95340a4df08ebde65336
-
SHA1
7aa049001870a285253f4565dbab444ba6cc403f
-
SHA256
1bf7b9aac74f39cae6ee8ae25bbb364ab3f382edb507709be8e5c74f57801e7e
-
SHA512
69efedbc5fc5f047b39577c3f6fc4aab451c42ae44067e7d3a77d178ca0f2b5ef70751b7d32436d0be1bbf855ccbeeb27ab8ef23ec554217d5ef9c4eb33886d0
-
SSDEEP
1536:i/UodEcbuJuMbEOoqWeBq1gfjeH73ZSgcZ0pv5ZH3einUb1/ENZYHw:i/rEcqJuMghqFBqKHg60pv5hHCBENZY
Malware Config
Signatures
-
Contacts a large (156396) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Deletes system logs 1 TTPs 2 IoCs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself 1 IoCs
-
Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Deletes log files 1 TTPs 2 IoCs
Deletes log files on the system.
-
Reads process memory 1 TTPs 1 IoCs
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-
Changes its process name 1 IoCs
Processes
-
/tmp/na.elf/tmp/na.elf1⤵
- Deletes system logs
- Modifies Watchdog functionality
- Renames itself
- Deletes log files
- Reads process memory
- Changes its process name