Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    04-12-2024 00:03

General

  • Target

    teste.arm5.elf

  • Size

    146KB

  • MD5

    8c6cf977dfe4b14508fa67b7c5494270

  • SHA1

    e9a8ea9c88221b191a0141aa0c338c0b6de19dbc

  • SHA256

    738591dfc24cbf92f0054effab5a780f5b30c3f1bc05ab017004e484294949a2

  • SHA512

    53697c3a291cd3a07e84990b274dbe05a4d738377d675489d2511cac6debeb0d2cf32f05041ec8f4c1abec1c6cec2ecba42c2c254c188d59dc63edbce5904aed

  • SSDEEP

    3072:Xepl+0j1qNh7kpRaN4p7JGxrCJ2GKHWAy:XeplNUh7KwN4poxOQG4WZ

Malware Config

Signatures

  • Contacts a large (70663) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 2 IoCs
  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/teste.arm5.elf
    /tmp/teste.arm5.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Changes its process name
    • Reads runtime system information
    PID:674

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads