Analysis
-
max time kernel
33s -
max time network
164s -
platform
debian-12_mipsel -
resource
debian12-mipsel-20240221-en -
resource tags
arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem -
submitted
05-12-2024 01:20
Behavioral task
behavioral1
Sample
e6e192914b00a8295a96acf98020aab0c3db88329b0d0b209e99682e6c6492e1.elf
Resource
debian12-mipsel-20240221-en
General
-
Target
e6e192914b00a8295a96acf98020aab0c3db88329b0d0b209e99682e6c6492e1.elf
-
Size
90KB
-
MD5
58795d4c9d5f620b48ccf3a5a15d1901
-
SHA1
4163f71b6cfbdd2a860654b2c02c821af400ab5c
-
SHA256
e6e192914b00a8295a96acf98020aab0c3db88329b0d0b209e99682e6c6492e1
-
SHA512
05df4d4f672f8d0d82a529db2d8877098ccbb40480a7282d6059737af87ae67928b8cbe75c59d709580e77dde0b28f96a5badbc060be5bcea59f4331bfe34104
-
SSDEEP
1536:VE8u+s5gBkvOWgsBZ936oqGxSmZ9lPOPPu:G8q5gGOHsDSm
Malware Config
Signatures
-
Contacts a large (115984) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc Process File opened for modification /dev/watchdog e6e192914b00a8295a96acf98020aab0c3db88329b0d0b209e99682e6c6492e1.elf File opened for modification /dev/misc/watchdog e6e192914b00a8295a96acf98020aab0c3db88329b0d0b209e99682e6c6492e1.elf -
Writes file to system bin folder 2 IoCs
description ioc Process File opened for modification /sbin/watchdog e6e192914b00a8295a96acf98020aab0c3db88329b0d0b209e99682e6c6492e1.elf File opened for modification /bin/watchdog e6e192914b00a8295a96acf98020aab0c3db88329b0d0b209e99682e6c6492e1.elf -
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself a 743 e6e192914b00a8295a96acf98020aab0c3db88329b0d0b209e99682e6c6492e1.elf