ad84c14b2c8d8ea704940449d8f94ba5592bd29a8cdb50e5d03e94f8873258b1

Analysis

max time kernel
135s
max time network
157s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
07/12/2024, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jew.arm7.elf
Size

133KB
MD5

68f801d4389ba75ea8b92076e839ca4d
SHA1

28cae6af4f3d274adee97a823eec34ca873d77d5
SHA256

ad84c14b2c8d8ea704940449d8f94ba5592bd29a8cdb50e5d03e94f8873258b1
SHA512

4e4b797d7c2c6e5db1422438fcf3991da94fe0a1d6a0f111186b005c0f9c96459018a1b854ac5c8962b1c6648c11a39c7295a5d9fab1798cc26846be30fbba49
SSDEEP

3072:5KacBqVuJVkW5IOPZoxNOqMP0wctzHnZPF+84/M/92L18Yj:kacBQuJVkW5IOaxNOqMPVoZF+8MM/9Zc

Score

9^/10

defense_evasion discovery

Malware Config

Signatures

Contacts a large (115783) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	jew.arm7.elf
File opened for modification	/dev/misc/watchdog	jew.arm7.elf

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	jew.arm7.elf
File opened for modification	/bin/watchdog	jew.arm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	pgmEtmktcFpFpAwd %9	712	jew.arm7.elf

/tmp/jew.arm7.elf
/tmp/jew.arm7.elf
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Changes its process name
PID:712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads