General

  • Target

    4c99637106bf1326e4a4ff40228bce7a01b9d78d3777c9d3a4cb4f2b993a9161.elf

  • Size

    75KB

  • Sample

    241014-bq26nsvcnh

  • MD5

    735bf688030036437db33e97be057d81

  • SHA1

    a488e305e653a4d99080a763c45a3862f6733adf

  • SHA256

    4c99637106bf1326e4a4ff40228bce7a01b9d78d3777c9d3a4cb4f2b993a9161

  • SHA512

    28dd3c79c9cc243c0ce304dba5c52ce0023f5734d54996bd34e0a9264ddc1e4d5613a86e0e8a2f52a8b24682c3f89944563c8a1021604b5da651ebf8a16d163b

  • SSDEEP

    1536:JB6AjkwuzV8JpSmCL9hCWHDEUuHDdqBZo7rUw:JB6Ajdq8JpSmCLDzFBA

Malware Config

Targets

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
