Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240221-en
  • resource tags

    arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
  • submitted
    12-10-2024 15:09

General

  • Target

    na.elf

  • Size

    90KB

  • MD5

    803d17dbfe0962640f6ab115f2594514

  • SHA1

    09ad3f6560a5da29b0f9c7e83b18cac921ba24ed

  • SHA256

    3f1c562a2126a513e253a200ae8ed9024d21c1b1eae4155c3dcd04d4e2aa33eb

  • SHA512

    b14b4ca41e1b15d7ec85431ff658219003d6951fbe7394932fcbd2647000d07f2c383b256d82d6f3a7800fa427f5fa49fc8945435a2a6b3242159339e54138bc

  • SSDEEP

    1536:a5DnSB+v5MjQm2g17xk49d6xZLu8vJ4TGo8S:a5TSB+v5MjQm11GFrvhrS

Malware Config

Signatures

  • Contacts a large (86510) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Reads process memory 1 TTPs 16 IoCs

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

  • Changes its process name 1 IoCs
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/na.elf
    /tmp/na.elf
    1⤵
    • Modifies Watchdog functionality
    • Enumerates active TCP sockets
    • Reads process memory
    • Changes its process name
    • Reads system network configuration
    PID:742

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads