Analysis
-
max time kernel
150s -
max time network
182s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
-
submitted
15-12-2024 03:59
General
-
Target
c2b9b2283a0c7b5e0f8acd8b105337745e79e53c1fdf751209a0c0680376dfe2.elf
-
Size
102KB
-
MD5
f9976ecda287c44f5fc9637a81998d0c
-
SHA1
919f0a2feb00246105fdfa38b8d19bea1ad5cbc8
-
SHA256
c2b9b2283a0c7b5e0f8acd8b105337745e79e53c1fdf751209a0c0680376dfe2
-
SHA512
9ddbc254a54ee4704a4a1cf29e2ceb58584b5c59c235e92e2a8657160a1d8263404aaf477a88137185416278de9cfaa4ecb0e42a364b4210a6e90c5469f646d8
-
SSDEEP
1536:9zropVtwBSkGlW42fwB/XBzPAL7P0v5XaSgHazGI9xGeDmSf9RBEi/SBY:ZoeIVlW461n0xKSnGI9x/mSf9RBEyGY
Malware Config
Signatures
-
Contacts a large (16218) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 26 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/c2b9b2283a0c7b5e0f8acd8b105337745e79e53c1fdf751209a0c0680376dfe2.elf/tmp/c2b9b2283a0c7b5e0f8acd8b105337745e79e53c1fdf751209a0c0680376dfe2.elf1⤵
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Reads system network configuration
- Reads runtime system information