Analysis
-
max time kernel
103s -
max time network
151s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240418-en -
resource tags
-
submitted
30/11/2024, 02:32
General
-
Target
4d9f4f2f42004756ed83d5010836265f2d295d7cefd57b5f58d79a1ee44f47c2.elf
-
Size
91KB
-
MD5
f01bc08d2f7ff88ee3aa689d3f857cbc
-
SHA1
d196796300e81a3a2f6810c07f77c762ef583fc3
-
SHA256
4d9f4f2f42004756ed83d5010836265f2d295d7cefd57b5f58d79a1ee44f47c2
-
SHA512
d603eabb7c882efee9f60b947c689194dd70a3999350eca26de7bd9fd7b0e685ccce6df0aca1b26e4943787cde017d73c3a04c092c1d16b513a0020016cb490d
-
SSDEEP
1536:LnCPs03z1A4OvKQwH34O9PdkMwCD/zMyzlNJI:WPs038vKDX4yW
Malware Config
Signatures
-
Contacts a large (20611) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 29 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/4d9f4f2f42004756ed83d5010836265f2d295d7cefd57b5f58d79a1ee44f47c2.elf/tmp/4d9f4f2f42004756ed83d5010836265f2d295d7cefd57b5f58d79a1ee44f47c2.elf1⤵
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Reads system network configuration
- Reads runtime system information