Overview

overview

9

Static

static

1

mipsel.nn.elf

debian-12-mipsel

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mipsel.nn.elf

  • Size

    134KB

  • Sample

    241120-dy66pszblb

  • MD5

    2fcff406e1f57e00d98b987d23cd398f

  • SHA1

    7675a391d83a38868d5f9194a9c7248291e1705a

  • SHA256

    f34e59d9711b93c8c0192f717063b7db0d20cb342490a0c9fc9d9d63d245d067

  • SHA512

    6003c40f6af2626ab5fcf6fc381e4e27abb624111d8e297d24b2110d78134ade98cc702e0fe3c556b65900b9a03efbde16e53395280bdbf395b9d936c19227de

  • SSDEEP

    1536:tLXuqtWr4N9zWJPEceN7U9empeIwOdzZXz8EmbycedlGcYx3dZ3aHXzy+LwCvnqX:puqtWr4DItmecedlotFU3vnqln

Score
9/10
defense_evasiondiscoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      mipsel.nn.elf

    • Size

      134KB

    • MD5

      2fcff406e1f57e00d98b987d23cd398f

    • SHA1

      7675a391d83a38868d5f9194a9c7248291e1705a

    • SHA256

      f34e59d9711b93c8c0192f717063b7db0d20cb342490a0c9fc9d9d63d245d067

    • SHA512

      6003c40f6af2626ab5fcf6fc381e4e27abb624111d8e297d24b2110d78134ade98cc702e0fe3c556b65900b9a03efbde16e53395280bdbf395b9d936c19227de

    • SSDEEP

      1536:tLXuqtWr4N9zWJPEceN7U9empeIwOdzZXz8EmbycedlGcYx3dZ3aHXzy+LwCvnqX:puqtWr4DItmecedlotFU3vnqln

    Score
    9/10
    defense_evasiondiscoverypersistenceprivilege_escalation

    • Contacts a large (8910) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

      defense_evasion

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

      persistenceprivilege_escalationdefense_evasion

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

      persistence

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

      persistenceprivilege_escalation

    • Modifies Bash startup script

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

4
T1547

XDG Autostart Entries

1
T1547.013

Boot or Logon Initialization Scripts

2
T1037

RC Scripts

2
T1037.004

Create or Modify System Process

1
T1543

Systemd Service

1
T1543.002

Event Triggered Execution

1
T1546

Unix Shell Configuration Modification

1
T1546.004

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Privilege Escalation

Boot or Logon Autostart Execution

4
T1547

XDG Autostart Entries

1
T1547.013

Boot or Logon Initialization Scripts

2
T1037

RC Scripts

2
T1037.004

Create or Modify System Process

1
T1543

Systemd Service

1
T1543.002

Event Triggered Execution

1
T1546

Unix Shell Configuration Modification

1
T1546.004

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Defense Evasion

File and Directory Permissions Modification

1
T1222

Linux and Mac File and Directory Permissions Modification

1
T1222.002

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Impair Defenses

1
T1562

Credential Access

Discovery

Network Service Discovery

2
T1046

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks