General

  • Target

    1687583ec4f145c2801d0ee0f3356defb46f77464bb2fef1e846c20f9a69f88e.elf

  • Size

    79KB

  • Sample

    241016-blevkszakr

  • MD5

    8c04529c402927bf0fda3fed4dcf4471

  • SHA1

    8a69da19370f97d97e918c5bc87900fe43110d43

  • SHA256

    1687583ec4f145c2801d0ee0f3356defb46f77464bb2fef1e846c20f9a69f88e

  • SHA512

    b61d83e8abaaa3319edec56c2ca16a43eba77c882de9461076af39ef0a2065a46c43912fa6e295d4fadce2a77c83de7dc93cb879ef7607bfe370781bfac15c06

  • SSDEEP

    1536:M48sxHfoFQadYNnTjZXH7+tFQw3RI24ZSg7it/3:M1qfoFQAYFTjtSRi+/

Targets

    • Modifies Watchdog functionality

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
