a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e

Analysis

max time kernel
152s
max time network
163s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
09/12/2024, 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
Size

94KB
MD5

7e1f70f848cdb5da083b60a9ddd162e6
SHA1

19ae1e208fcdc6a48c18a196ad0a74b16cddc8de
SHA256

a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e
SHA512

d355621f2bfbadd69011a04a73d76454b5d1410b6534e4192f53f2e464b8f11228b139741cfccdbeda1ff5a8ddf44eb3883b2c01c28b9c34ab0ef5dffdc1f07e
SSDEEP

768:BnJDTFOU1Q0HeByl6SR9KhE3jU1t7zDh5YUeYOezgeR9GAlNYwN36gT3OXilYraP:lPOU1Q0UY3ADhV1OygS9hNVhrka7g0X

Score

9^/10

defense_evasion discovery

Malware Config

Signatures

Contacts a large (23402) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for modification	/dev/misc/watchdog	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf

Reads runtime system information 24 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/412/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/689/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/691/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/718/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/719/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/745/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/750/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/765/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/771/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/409/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/607/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/611/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/712/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/714/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/721/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/733/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/783/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/710/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/767/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/431/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/694/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/734/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/746/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
File opened for reading	/proc/775/smaps	a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf

/tmp/a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
/tmp/a704d980037d64a963b8790adef0f7f108cbf5140411dffdc42264c3c4e0b07e.elf
1⤵
- Modifies Watchdog functionality
- Reads runtime system information
PID:742

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads