4f78767c86f0714dfcb39d6b90af663277ed6fb60f3fcd8415d84c5e659cd915 | Triage

Sharing

General

Target

la.bot.arm6.elf
Size

82KB
Sample

241123-h822ysxmal
MD5

18e3b6c44321a244852ec122d7e9a3ff
SHA1

06c253e3d29b2e4053c674031c90997f8a70bd85
SHA256

4f78767c86f0714dfcb39d6b90af663277ed6fb60f3fcd8415d84c5e659cd915
SHA512

95d55033ea1a8dd2e93654060780978bb1336685802dc807a3151f4632160969f3eb485d903ada39814e2e605877bc26c968ccfe584ddf967cadd8e4c71c4403
SSDEEP

1536:R7nF1w3yMDwuotJIFcZt8HPDxiT9LLSmIdZS7yb/rV3X4M+izLT9kGAwknCnzsTa:71w37DpotmFcgDxiT9vSmIfaG/hLT9k6

Score

9^/10

credential_access defense_evasion discovery

Malware Config

Targets

- Target
  
  la.bot.arm6.elf
- Size
  
  82KB
- MD5
  
  18e3b6c44321a244852ec122d7e9a3ff
- SHA1
  
  06c253e3d29b2e4053c674031c90997f8a70bd85
- SHA256
  
  4f78767c86f0714dfcb39d6b90af663277ed6fb60f3fcd8415d84c5e659cd915
- SHA512
  
  95d55033ea1a8dd2e93654060780978bb1336685802dc807a3151f4632160969f3eb485d903ada39814e2e605877bc26c968ccfe584ddf967cadd8e4c71c4403
- SSDEEP
  
  1536:R7nF1w3yMDwuotJIFcZt8HPDxiT9LLSmIdZS7yb/rV3X4M+izLT9kGAwknCnzsTa:71w37DpotmFcgDxiT9vSmIfaG/hLT9k6
Score

9^/10

credential_access defense_evasion discovery
- Contacts a large (21103) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Renames itself
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdefense_evasiondiscovery