Analysis

  • max time kernel
    36s
  • max time network
    151s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    11-12-2024 22:21

General

  • Target

    jew.arm6.elf

  • Size

    74KB

  • MD5

    0144680469364464aee1462d725a4d48

  • SHA1

    71e5a8810254d39869ea661193028f5605ae4687

  • SHA256

    79537190a86f8e237e164354172d4c2b73cba0d91a645d0b72cb7e3347e71dc9

  • SHA512

    f6248ef3726f0eb4b4c5415afc9a90b779a8c0e0d6486ace9e54904e10de8389419e8f3b888aea63634420b1e00c0a63c2422cf0f91793e0754d843cc9333b3c

  • SSDEEP

    1536:jHnub6m+a+V1H8gioIFRuPzNI1IIUkIXhnGtHSqTQZD2E2p+YrEfqOQ9fdrqxd4r:pcgoIzN5WzMZDHnOor

Malware Config

Signatures

  • Contacts a large (117360) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 2 IoCs
  • Changes its process name 1 IoCs

Processes

  • /tmp/jew.arm6.elf
    /tmp/jew.arm6.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Changes its process name
    PID:660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads