Overview

overview

9

Static

static

1

arm7.nn-20...08.elf

debian-9-armhf

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    arm7.nn-20241120-0508.elf

  • Size

    185KB

  • Sample

    241120-fs459s1pgv

  • MD5

    2d15ced2d9e62098c4ad87637a8a35fe

  • SHA1

    f8bab4319a890265ad08b599c5d62d676bc720cc

  • SHA256

    05f78d4d0a1cad88b46f45f8feee8d0456282c0da55fc77a5387af6edcce6472

  • SHA512

    39eeb82d5d330291aef97cc486fe327f617b09614c6bfd1fdf81e5126469efdc67849193af3de5d402af7e219f11343961ebefd927611f6529501bb9e5d5a564

  • SSDEEP

    3072:mzH4ssBbOCTqy7aWgSUw/1NKkVS4fTe+YLXnqQZCKvi4+M/98KXmaw+spz:mzHWBbpb7aWgSUw/1NDVSLr0KvihM/92

Score
9/10
defense_evasiondiscoveryexecutionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      arm7.nn-20241120-0508.elf

    • Size

      185KB

    • MD5

      2d15ced2d9e62098c4ad87637a8a35fe

    • SHA1

      f8bab4319a890265ad08b599c5d62d676bc720cc

    • SHA256

      05f78d4d0a1cad88b46f45f8feee8d0456282c0da55fc77a5387af6edcce6472

    • SHA512

      39eeb82d5d330291aef97cc486fe327f617b09614c6bfd1fdf81e5126469efdc67849193af3de5d402af7e219f11343961ebefd927611f6529501bb9e5d5a564

    • SSDEEP

      3072:mzH4ssBbOCTqy7aWgSUw/1NKkVS4fTe+YLXnqQZCKvi4+M/98KXmaw+spz:mzHWBbpb7aWgSUw/1NDVSLr0KvihM/92

    Score
    9/10
    defense_evasiondiscoveryexecutionpersistenceprivilege_escalation

    • Contacts a large (12486) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

      defense_evasion

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

      persistenceprivilege_escalationdefense_evasion

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

      persistence

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

      persistenceprivilege_escalation

    • Modifies Bash startup script

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Unix Shell

1
T1059.004

Persistence

Boot or Logon Autostart Execution

4
T1547

XDG Autostart Entries

1
T1547.013

Boot or Logon Initialization Scripts

2
T1037

RC Scripts

2
T1037.004

Create or Modify System Process

1
T1543

Systemd Service

1
T1543.002

Event Triggered Execution

1
T1546

Unix Shell Configuration Modification

1
T1546.004

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Privilege Escalation

Boot or Logon Autostart Execution

4
T1547

XDG Autostart Entries

1
T1547.013

Boot or Logon Initialization Scripts

2
T1037

RC Scripts

2
T1037.004

Create or Modify System Process

1
T1543

Systemd Service

1
T1543.002

Event Triggered Execution

1
T1546

Unix Shell Configuration Modification

1
T1546.004

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Defense Evasion

File and Directory Permissions Modification

1
T1222

Linux and Mac File and Directory Permissions Modification

1
T1222.002

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Impair Defenses

1
T1562

Credential Access

Discovery

Network Service Discovery

2
T1046

System Information Discovery

1
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks