Analysis

  • max time kernel
    124s
  • max time network
    156s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240221-en
  • resource tags

    arch:mipsel image:debian12-mipsel-20240221-en kernel:6.1.0-17-4kc-malta locale:en-us os:debian-12-mipsel system
  • submitted
    12-12-2024 14:54

General

  • Target

    696-1-0x00400000-0x0042fd9c-memory.dmp

  • Size

    125KB

  • MD5

    25e2acba09e1416b972bb0350db65db1

  • SHA1

    8844664a2dd638ccb809a4726c0287f1e998a03d

  • SHA256

    6b96dc9fbe7791cc5c0af51ca9b107ccfac66652fa65693251ce23beb772635f

  • SHA512

    e94474b615fc3f80cef30d164791cfd3b2318e6dd63236be78a93a308bea2b36585a58095a726d58b86cba67a865fa645388824aab5b3696af46c66da8d699b3

  • SSDEEP

    1536:7VjipKe6+n9VIoLXAsSh8H0PN5nfIll4OnKpYeMjcy9CcbDrLFhIEl363q:xjipKp+nHXnH0PYlTh9/3Gq

Malware Config

Signatures

  • Contacts a large (93129) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Changes its process name 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/696-1-0x00400000-0x0042fd9c-memory.dmp
    • Modifies Watchdog functionality
    • Changes its process name
    • Reads runtime system information
    PID:746

Network

MITRE ATT&CK Enterprise v15

Downloads