General

  • Target

    arm7.nn.elf

  • Size

    193KB

  • Sample

    241124-dfk6hswrhq

  • MD5

    52f8ba7ec3fb098b98b2a6af0e1a167d

  • SHA1

    fec4ea7eef169861312a6f18bd33f7717135616a

  • SHA256

    ecb44ab91fc6a094fb568523f7e23f3338b95386b71657a5f335b1031c9f89cf

  • SHA512

    a0294ab1e8bbce589ae627017cfc20caa8546c189db868e599b5689d518b6159e08b3a2def36c214a4d379c48fd1aa3ac4904e74becd680c1527f17f0dd2f8aa

  • SSDEEP

    6144:QTNCjBOFn0QasgIyfJkUvnuH+G2HdM/9SPamqwQjy/:SCon0Qa/IyfJkUv35q/cymqljy/

Malware Config

Targets

    • Contacts a large (14162) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Checks mountinfo of local process

      Checks the mountinfo of running processes, which indicates whether it is running in a chroot jail.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks