General

  • Target

    ed053f7989c52ff8138a36ad959500bb01cd9dcadfdce5c5033a1d7698c06818.elf

  • Size

    75KB

  • Sample

    241014-psvq9swana

  • MD5

    d633c03b2d4ba9af334aa99654ea273f

  • SHA1

    578afe2aaa0c7195f1f7fa698a5f989802293dac

  • SHA256

    ed053f7989c52ff8138a36ad959500bb01cd9dcadfdce5c5033a1d7698c06818

  • SHA512

    900b2da50ddcbc4a059c53a3427a16af983a4c7f7f986fd2adc352640d05bcc330cfbfbe25dc24b0f2525d2ac907ad0fbc8369a59ed2b06794b6e60b3e01b19d

  • SSDEEP

    768:h4IG9ZPvS5uHSXirhev0vJxFcMfeeBsmDNWggyY0IiWzzp9nvRd0xlsFnsaqI:h4IG9U7irhepMmeimDjcVznncsFsrI

Malware Config

Targets

    • Deletes system logs

      Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

    • Modifies Watchdog functionality

      Malware such as Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port was detected to servers other than the configured DNS servers.

    • Deletes log files

      Deletes log files on the system.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

MITRE ATT&CK Enterprise v15

Tasks