General

  • Target

    921922d4b266e46c22277a5dca8335b908a5cae0361ff62fd2b6e92597a52fa2.elf

  • Size

    53KB

  • Sample

    241014-nxsa9svand

  • MD5

    93d58556cd5fa27eb69b3fa09b3d959a

  • SHA1

    7868c52e84ac919c76df602d1ee94974a7f5eb2b

  • SHA256

    921922d4b266e46c22277a5dca8335b908a5cae0361ff62fd2b6e92597a52fa2

  • SHA512

    8004b5344f00b2915b3678b7212fcb99cf8b6454be5448bf136b86aa3ebd0d813bf408a559cf1952820f68408005e8b3b980a618da19018cbf88c84b25b7cb1c

  • SSDEEP

    768:CuXAV5ra9NBNezUBdSPlk4rVGetMT32aqW34ZkEwcgjQPRdkaG0+mM42I2Xn2nqI:BTOPLMeiq4F8vkW+oTQzQL7

Targets

    • Deletes system logs

      Deletes the log file that contains global system messages. Adversaries may delete system logs to minimize their footprint.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Deletes log files

      Deletes log files on the system.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
