5f9c67a0943dc8994603c63b2ffef679e03c6ffd8923e580435761d98c9a19c7 | Triage

Sharing

General

Target

la.bot.arm6.elf
Size

65KB
Sample

241018-f42vaazcmd
MD5

149f60f4f50d4d00e92ef4b431660019
SHA1

c2ab33fa2802a3dcf26af5dc1b7fba5d4d223276
SHA256

5f9c67a0943dc8994603c63b2ffef679e03c6ffd8923e580435761d98c9a19c7
SHA512

fb8ea583f844fa15b172a25ecc49a534983cf994a0b86e3ded2dc94368a66b246697965cc62eb162f52723141d12c1fa4ef30c5ea0959ba4de710b72429d0c9b
SSDEEP

1536:DknOu7qvI1AtAZtWE907EaPvwQbuXBhm/DSipy579UK:14qvI1AtwCtvF/y579U

Score

7^/10

credential_access defense_evasion discovery

Malware Config

Targets

- Target
  
  la.bot.arm6.elf
- Size
  
  65KB
- MD5
  
  149f60f4f50d4d00e92ef4b431660019
- SHA1
  
  c2ab33fa2802a3dcf26af5dc1b7fba5d4d223276
- SHA256
  
  5f9c67a0943dc8994603c63b2ffef679e03c6ffd8923e580435761d98c9a19c7
- SHA512
  
  fb8ea583f844fa15b172a25ecc49a534983cf994a0b86e3ded2dc94368a66b246697965cc62eb162f52723141d12c1fa4ef30c5ea0959ba4de710b72429d0c9b
- SSDEEP
  
  1536:DknOu7qvI1AtAZtWE907EaPvwQbuXBhm/DSipy579UK:14qvI1AtwCtvF/y579U
Score

7^/10

credential_access defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdefense_evasiondiscovery