Analysis
max time kernel: 36s
max time network: 151s
platform: debian-9_armhf
resource: debian9-armhf-20240729-en
resource tags: arch:armhf, image:debian9-armhf-20240729-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 11-12-2024 22:21
Behavioral task
behavioral1
Sample
jew.arm6.elf
Resource
debian9-armhf-20240729-en
debian-9-armhf
5 signatures
150 seconds
General
Target: jew.arm6.elf
Size: 74KB
MD5: 0144680469364464aee1462d725a4d48
SHA1: 71e5a8810254d39869ea661193028f5605ae4687
SHA256: 79537190a86f8e237e164354172d4c2b73cba0d91a645d0b72cb7e3347e71dc9
SHA512: f6248ef3726f0eb4b4c5415afc9a90b779a8c0e0d6486ace9e54904e10de8389419e8f3b888aea63634420b1e00c0a63c2422cf0f91793e0754d843cc9333b3c
SSDEEP: 1536:jHnub6m+a+V1H8gioIFRuPzNI1IIUkIXhnGtHSqTQZD2E2p+YrEfqOQ9fdrqxd4r:pcgoIzN5WzMZDHnOor
Score
9/10
Malware Config
Signatures

Contacts a large (117360) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description                    ioc                    Process
File opened for modification   /dev/watchdog          jew.arm6.elf
File opened for modification   /dev/misc/watchdog     jew.arm6.elf

Writes file to system bin folder (2 IoCs)
description                    ioc                    Process
File opened for modification   /sbin/watchdog         jew.arm6.elf
File opened for modification   /bin/watchdog          jew.arm6.elf

Changes its process name (1 IoCs)
description                                                        ioc                 pid    Process
Changes the process name, possibly in an attempt to hide itself    tAniugxcovmwxjAy    660    jew.arm6.elf