Analysis
-
max time kernel
150s -
max time network
155s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
-
submitted
30/11/2024, 13:50
General
-
Target
loligang.mips.elf
-
Size
99KB
-
MD5
53aef66b569cda2866e69aecd58b5a8f
-
SHA1
07c607bcc93cbb44a43a774854a90356b0ebf11a
-
SHA256
d3d338fd5ed4422da395f715f621405edd7c11f883adb32ab6b5b9144b515f0d
-
SHA512
0fbf31b9668fb9a201611642314b774579db4d7a3eb71ccf9069a9b2c81bf90cb2f194346affe747f2a6ee7e9c9ca7fc0b50481887cddab5f995f9372fbaf531
-
SSDEEP
1536:pegXznytTDLmgKQ29A0v+iRbNxcLPkXK7wYvmG6aa7GBRd9:jiDEA0WKbNx3XK7wYv1jaiBf9
Malware Config
Signatures
-
Contacts a large (19860) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 33 IoCs
Reads data from /proc virtual filesystem.
-
System Network Configuration Discovery 1 TTPs 1 IoCs
Adversaries may gather information about the network configuration of a system.
Processes
-
/tmp/loligang.mips.elf/tmp/loligang.mips.elf1⤵
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Reads system network configuration
- Reads runtime system information
- System Network Configuration Discovery