General

  • Target

    4cf4d8aa4992bc863c60958527dde6017082bd8f2bf079cb5e3b8b46fafd6a7f.elf

  • Size

    75KB

  • Sample

    241016-b3p2waweqc

  • MD5

    ebfbef41fdd3eb0d34f7c20144f1059d

  • SHA1

    50d07cc2ef13b5076e70ff391a993b8bb65e5540

  • SHA256

    4cf4d8aa4992bc863c60958527dde6017082bd8f2bf079cb5e3b8b46fafd6a7f

  • SHA512

    b802754198ac82d0f6048d8505e31843e80e507de88869cac460b5d39e550e6930de3e4c6782a740f5ab769ba703e66734c2f747b6534b82fcce642278a5afa7

  • SSDEEP

    1536:qInpqUVsDSt2FOB25/rExt9KhWL9iIm3405SdelvcispXIj:7XVs+tI5/gjL9iIm340PipX2

Malware Config

Targets

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port was detected going to servers other than the configured DNS servers.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

MITRE ATT&CK Enterprise v15

Tasks