echobot | e0b31a3163864fc43a18fb14cb556b2d3054e635d4c4b3b58dfb4b7f60d24e83 | Triage

Submit
Reports

Overview

overview

Static

static

belks.arm7.elf

debian-12-armhf

9

Sharing

General

Target

belks.arm7.elf
Size

146KB
Sample

241029-xr4a1szkck
MD5

3cd73d3a909a4567ca8f1e96b6bcbd61
SHA1

96dfe0850bba93afbfd451a2a8787e044495c7ed
SHA256

e0b31a3163864fc43a18fb14cb556b2d3054e635d4c4b3b58dfb4b7f60d24e83
SHA512

69698ed70dcd6a34a6898b59c9fec2366a939f3291ba8e4da5aa84294a8556140841a633210ceb320050dc0abe4b148b7eb57ca23fa3110f990aa2be70b62a49
SSDEEP

3072:rSvWfz6ZxE94JBpBG55iIo6Kplb+qz1ziieBvTIu0kcWrXZOCM/92LQLh:+vWfz6ZxE9QpBGDiIulfiieBvTSkZXZk

Score

10^/10

echobot mirai defense_evasion discovery

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

belks.arm7.elf

Resource

debian12-armhf-20240221-en

defense_evasion discovery

debian-12-armhf

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  belks.arm7.elf
- Size
  
  146KB
- MD5
  
  3cd73d3a909a4567ca8f1e96b6bcbd61
- SHA1
  
  96dfe0850bba93afbfd451a2a8787e044495c7ed
- SHA256
  
  e0b31a3163864fc43a18fb14cb556b2d3054e635d4c4b3b58dfb4b7f60d24e83
- SHA512
  
  69698ed70dcd6a34a6898b59c9fec2366a939f3291ba8e4da5aa84294a8556140841a633210ceb320050dc0abe4b148b7eb57ca23fa3110f990aa2be70b62a49
- SSDEEP
  
  3072:rSvWfz6ZxE94JBpBG55iIo6Kplb+qz1ziieBvTIu0kcWrXZOCM/92LQLh:+vWfz6ZxE9QpBGDiIulfiieBvTSkZXZk
Score

9^/10

defense_evasion discovery
- Contacts a large (250192) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

© 2018-2025

Terms | Privacy