Analysis
-
max time kernel
149s -
max time network
162s -
platform
debian-12_armhf -
resource
debian12-armhf-20240221-en -
resource tags
-
submitted
29-11-2024 06:12
General
-
Target
loligang.arm7.elf
-
Size
145KB
-
MD5
9556015e38d115d4430fb7e2c8c3dbde
-
SHA1
87ce3208e49801d1545b3bad9d337028df21629f
-
SHA256
adef20b2dfe0a808a711b9add6f1fadb825c3b9ef436de80c9d682019d9f8bb7
-
SHA512
dd82440c22e6260e725edf09d63580c1e7081ac0080571eb2f484878c4b37606110cdd8bb7989ba328317dd871c8f1357ec845dfd700fe6c0d67e1a889706571
-
SSDEEP
3072:+00PRi0cxjNaghm12xbyl/A9mrsplDKZUoQBKXAVanHX+F8JyvnlhLig6QffU2l9:N05i0cxjNagw12xbyZA9mrsplDKZUoQP
Malware Config
Signatures
-
Contacts a large (20543) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 26 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/loligang.arm7.elf/tmp/loligang.arm7.elf1⤵
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Reads system network configuration
- Reads runtime system information