55325321a02ee60b8c64d675d46191d5426e82746e97dfa6402db430156a5fc7 | Triage

Sharing

General

Target

la.bot.arm6.elf
Size

98KB
Sample

241121-pp5r3askhv
MD5

4fcc6412d60c01c8c6926b183fb42a12
SHA1

63246fbe1bea38302bde5304afbfaab33e55b35e
SHA256

55325321a02ee60b8c64d675d46191d5426e82746e97dfa6402db430156a5fc7
SHA512

2ee46ed4dd282d18aa08975bf752be0b0fffd3f42883780d003c26e0f9636c575f4e3306a54551b5e928e2411d68960879595ad5af6c1e2e9bddd344884c3c6f
SSDEEP

3072:dzWr4ovftsSXP0E9sB0PoS3fG4NFlQhahmnjaonL:d44ovftnF9s1SHNF6ha/A

Score

9^/10

credential_access defense_evasion discovery

Malware Config

Targets

- Target
  
  la.bot.arm6.elf
- Size
  
  98KB
- MD5
  
  4fcc6412d60c01c8c6926b183fb42a12
- SHA1
  
  63246fbe1bea38302bde5304afbfaab33e55b35e
- SHA256
  
  55325321a02ee60b8c64d675d46191d5426e82746e97dfa6402db430156a5fc7
- SHA512
  
  2ee46ed4dd282d18aa08975bf752be0b0fffd3f42883780d003c26e0f9636c575f4e3306a54551b5e928e2411d68960879595ad5af6c1e2e9bddd344884c3c6f
- SSDEEP
  
  3072:dzWr4ovftsSXP0E9sB0PoS3fG4NFlQhahmnjaonL:d44ovftnF9s1SHNF6ha/A
Score

9^/10

credential_access defense_evasion discovery
- Contacts a large (21208) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Renames itself
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdefense_evasiondiscovery