Overview

overview

10

Static

static

10

jew.arm6.elf

debian-12-armhf

9

Analysis

  • max time kernel
    140s
  • max time network
    163s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
  • submitted
    06/12/2024, 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jew.arm6.elf

  • Size

    74KB

  • MD5

    50ccc4094919b90c09d316f111c8e458

  • SHA1

    299bead6bb02f8dddeec6b32e7f597ed2401caf6

  • SHA256

    18029dcf1c9f4de253b3efca431386294bb6bfc45edb05487a786eab6f0f664e

  • SHA512

    83fcfe786f50264e1931615c39c2cf7330f297177f9c8d3c3c17d72ca629e598b6fd263dd515ba17053255122439bd8df5a75cf1b16e6ab8ebfa15dbf70474d1

  • SSDEEP

    1536:jHnub6m+a+V1H8gioIFRuPzNI1IIUkIXhnGSHSqTQZD2E2p+YrEfqOQ9fdrqVd4r:pcgoIzN5FzMZDHnOon

Score
9/10
defense_evasiondiscovery

Malware Config

Signatures

  • Contacts a large (116589) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion
  • Writes file to system bin folder 2 IoCs
  • Changes its process name 1 IoCs

Processes

  • /tmp/jew.arm6.elf
    /tmp/jew.arm6.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Changes its process name
    PID:714

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads