Analysis
-
max time kernel
146s -
max time network
149s -
platform
debian-12_armhf -
resource
debian12-armhf-20240418-en -
resource tags
arch:armhfimage:debian12-armhf-20240418-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem -
submitted
17-12-2024 01:57
Behavioral task
behavioral1
Sample
cb79ac091b817342d2c9f4061588360d7be2dd0771910054e7d1b45aca940aa7.elf
Resource
debian12-armhf-20240418-en
General
-
Target
cb79ac091b817342d2c9f4061588360d7be2dd0771910054e7d1b45aca940aa7.elf
-
Size
45KB
-
MD5
fef73963d4087fd2da9abc5501e8f9b8
-
SHA1
502acae3bda35629e1ced3de6c0cca16fe98c07d
-
SHA256
cb79ac091b817342d2c9f4061588360d7be2dd0771910054e7d1b45aca940aa7
-
SHA512
d44a6dc1b19748ac3071db4fefabb701f64c23566eed4e7bc9dccdde2c8523f3b30986fede4652d225a3396cea24ee505f8e26935fb2865e16bb304abc1ca31c
-
SSDEEP
768:wZn5zr/7tUFkLuQQtEXLLFTV71NY+FEC9QnsOzU+fumpUisIbSNiykofoHgOIlhi:wZnZ7tUKL3QtSXRV71NYSEwQsOzLPiIz
Malware Config
Signatures
-
Contacts a large (35006) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc Process File opened for modification /dev/watchdog cb79ac091b817342d2c9f4061588360d7be2dd0771910054e7d1b45aca940aa7.elf File opened for modification /dev/misc/watchdog cb79ac091b817342d2c9f4061588360d7be2dd0771910054e7d1b45aca940aa7.elf