Analysis

  • max time kernel
    33s
  • max time network
    164s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240221-en
  • resource tags

    arch:mipsel image:debian12-mipsel-20240221-en kernel:6.1.0-17-4kc-malta locale:en-us os:debian-12-mipsel system
  • submitted
    05-12-2024 01:20

General

  • Target

    e6e192914b00a8295a96acf98020aab0c3db88329b0d0b209e99682e6c6492e1.elf

  • Size

    90KB

  • MD5

    58795d4c9d5f620b48ccf3a5a15d1901

  • SHA1

    4163f71b6cfbdd2a860654b2c02c821af400ab5c

  • SHA256

    e6e192914b00a8295a96acf98020aab0c3db88329b0d0b209e99682e6c6492e1

  • SHA512

    05df4d4f672f8d0d82a529db2d8877098ccbb40480a7282d6059737af87ae67928b8cbe75c59d709580e77dde0b28f96a5badbc060be5bcea59f4331bfe34104

  • SSDEEP

    1536:VE8u+s5gBkvOWgsBZ936oqGxSmZ9lPOPPu:G8q5gGOHsDSm

Malware Config

Signatures

  • Contacts a large (115984) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 2 IoCs
  • Changes its process name 1 IoCs

Processes

  • /tmp/e6e192914b00a8295a96acf98020aab0c3db88329b0d0b209e99682e6c6492e1.elf
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Changes its process name
    PID:743

Network

MITRE ATT&CK Enterprise v15
