Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240418-en
  • resource tags

    arch:armhf
    image:debian12-armhf-20240418-en
    kernel:6.1.0-17-armmp-lpae
    locale:en-us
    os:debian-12-armhf
    system
  • submitted
    17-12-2024 01:57

General

  • Target

    cb79ac091b817342d2c9f4061588360d7be2dd0771910054e7d1b45aca940aa7.elf

  • Size

    45KB

  • MD5

    fef73963d4087fd2da9abc5501e8f9b8

  • SHA1

    502acae3bda35629e1ced3de6c0cca16fe98c07d

  • SHA256

    cb79ac091b817342d2c9f4061588360d7be2dd0771910054e7d1b45aca940aa7

  • SHA512

    d44a6dc1b19748ac3071db4fefabb701f64c23566eed4e7bc9dccdde2c8523f3b30986fede4652d225a3396cea24ee505f8e26935fb2865e16bb304abc1ca31c

  • SSDEEP

    768:wZn5zr/7tUFkLuQQtEXLLFTV71NY+FEC9QnsOzU+fumpUisIbSNiykofoHgOIlhi:wZnZ7tUKL3QtSXRV71NYSEwQsOzLPiIz

Malware Config

Signatures

  • Contacts a large number (35006) of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware such as Mirai disables the hardware watchdog so that it can no longer reboot an infected device; on embedded targets a reboot would otherwise clear the memory-resident bot.
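The two network signatures above describe one fan-out pattern: roughly one flow per destination, a handful of target ports, and thousands of distinct peers. At the report's own figures, 35006 hosts inside 149 s of network time, the sample opened new peers at over 230 per second, which no benign service on a Debian box does. The script below is an added example, not the sandbox's rule logic, that scores constructed flow records on that pattern; the record layout and every threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed flow records (src, dst, dport); not taken from the report's Network tab.
SAMPLE_FLOWS = (
    [("10.0.0.5", "93.184.216.34", 443)] * 30                          # one busy peer: benign
    + [("10.0.0.9", f"198.51.100.{i}", 23) for i in range(1, 41)]     # telnet sweep
    + [("10.0.0.9", f"203.0.113.{i}", 2323) for i in range(1, 21)]    # alt-telnet sweep
)


def aggregate(flows):
    """Group flows by source address: distinct peers, distinct target ports, flow count."""
    stats = defaultdict(lambda: {"peers": set(), "ports": set(), "flows": 0})
    for src, dst, dport in flows:
        s = stats[src]
        s["peers"].add(dst)
        s["ports"].add(dport)
        s["flows"] += 1
    return dict(stats)


def find_scanners(flows, min_hosts=25, max_ports=5, max_flows_per_host=2.0):
    """Return (src, distinct_hosts, ports) for sources that look like horizontal scanners.

    A host scan fans out to many peers on few ports with about one flow per peer; a busy
    but benign host talks to a few peers repeatedly, so its flows-per-peer ratio is high.
    The thresholds are assumptions for illustration, not values from the report.
    """
    hits = []
    for src, s in aggregate(flows).items():
        hosts = len(s["peers"])
        if hosts == 0:
            continue
        ratio = s["flows"] / hosts
        if hosts >= min_hosts and len(s["ports"]) <= max_ports and ratio <= max_flows_per_host:
            hits.append((src, hosts, sorted(s["ports"])))
    return sorted(hits, key=lambda h: -h[1])


if __name__ == "__main__":
    for src, hosts, ports in find_scanners(SAMPLE_FLOWS):
        print(f"{src}: {hosts} distinct hosts on ports {ports}")
```

The flows-per-peer ratio is what separates a scanner from a chatty legitimate client: a CDN-heavy browser session also touches many addresses, but it returns to each of them, while a Mirai-style sweep sends a single SYN and moves on. In production the same aggregation would be computed over a sliding time window so that the 35006-host burst seen here is caught within seconds rather than at end of day.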

Processes

  • /tmp/cb79ac091b817342d2c9f4061588360d7be2dd0771910054e7d1b45aca940aa7.elf
    /tmp/cb79ac091b817342d2c9f4061588360d7be2dd0771910054e7d1b45aca940aa7.elf
    1⤵
    • Modifies Watchdog functionality
    PID:702
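What "Modifies Watchdog functionality" looks like at the syscall level, as an added example that is not code from the report or from the sample: Mirai-family bots open the watchdog device and issue WDIOC_SETOPTIONS carrying WDIOS_DISABLECARD, after which the board is no longer rebooted if the bot wedges it. The audit routine below reconstructs the ioctl request number from the kernel's _IOC field layout and flags that call, and also the driver "magic close" sequence (write "V", then close), in a constructed strace-style trace. The device paths, the trace syntax, and the bracketed int argument are assumptions; the report does not list the two IoCs it counts.

```python
import re

# Linux asm-generic ioctl number layout: nr bits 0-7, type 8-15, size 16-29, dir 30-31.
_IOC_NRSHIFT, _IOC_TYPESHIFT, _IOC_SIZESHIFT, _IOC_DIRSHIFT = 0, 8, 16, 30
_IOC_READ = 2


def _ior(typ, nr, size):
    """Equivalent of the kernel's _IOR(type, nr, argtype) macro."""
    return ((_IOC_READ << _IOC_DIRSHIFT) | (ord(typ) << _IOC_TYPESHIFT)
            | (size << _IOC_SIZESHIFT) | (nr << _IOC_NRSHIFT))


# From <linux/watchdog.h>: WATCHDOG_IOCTL_BASE is 'W' and the option argument is an int.
WDIOC_SETOPTIONS = _ior("W", 4, 4)   # 0x80045704
WDIOC_KEEPALIVE = _ior("W", 5, 4)    # 0x80045705
WDIOS_DISABLECARD = 0x0001
WDIOS_ENABLECARD = 0x0002
# Device paths to watch; the third is an assumption taken from common embedded layouts.
WATCHDOG_PATHS = {"/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog"}


def decode_ioctl(request):
    """Split a raw ioctl request number into its _IOC fields."""
    return {
        "dir": (request >> _IOC_DIRSHIFT) & 0x3,
        "type": chr((request >> _IOC_TYPESHIFT) & 0xFF),
        "nr": (request >> _IOC_NRSHIFT) & 0xFF,
        "size": (request >> _IOC_SIZESHIFT) & 0x3FFF,
    }


# Constructed trace in strace-like syntax; the int argument is shown decoded in brackets.
SAMPLE_TRACE = [
    'openat(AT_FDCWD, "/dev/watchdog", O_RDWR) = 3',
    'ioctl(3, 0x80045704, [1]) = 0',
    'close(3) = 0',
    'openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3',
    'ioctl(3, 0x80045704, [1]) = -1 ENOTTY (Inappropriate ioctl for device)',
    'close(3) = 0',
    'openat(AT_FDCWD, "/dev/watchdog0", O_WRONLY) = 4',
    'write(4, "V", 1) = 1',
    'close(4) = 0',
]

_OPEN = re.compile(r'^(?:open|openat)\((?:AT_FDCWD, )?"([^"]+)"[^)]*\)\s*=\s*(\d+)')
_IOCTL = re.compile(r'^ioctl\((\d+), (0x[0-9a-fA-F]+), \[(\d+)\]\)')
_WRITE = re.compile(r'^write\((\d+), "([^"]*)", \d+\)')
_CLOSE = re.compile(r'^close\((\d+)\)')


def audit_watchdog(trace_lines):
    """Walk a syscall trace and report each attempt to stop the watchdog.

    Recognised: WDIOC_SETOPTIONS with WDIOS_DISABLECARD (the Mirai technique) and the
    magic close ('V' written, then close()), which drivers honour unless built with
    CONFIG_WATCHDOG_NOWAYOUT. Descriptor numbers are tracked so a reused fd on an
    unrelated file is not misattributed.
    """
    fd_path = {}            # fd -> watchdog device path while the descriptor is open
    magic_pending = set()   # fds that received 'V' and have not yet been closed
    findings = []
    for line in trace_lines:
        if m := _OPEN.match(line):
            path, fd = m.group(1), int(m.group(2))
            if path in WATCHDOG_PATHS:
                fd_path[fd] = path
        elif m := _IOCTL.match(line):
            fd, request, arg = int(m.group(1)), int(m.group(2), 16), int(m.group(3))
            if fd in fd_path and request == WDIOC_SETOPTIONS and arg & WDIOS_DISABLECARD:
                findings.append((fd_path[fd], "WDIOC_SETOPTIONS WDIOS_DISABLECARD"))
        elif m := _WRITE.match(line):
            fd, data = int(m.group(1)), m.group(2)
            if fd in fd_path and "V" in data:
                magic_pending.add(fd)
        elif m := _CLOSE.match(line):
            fd = int(m.group(1))
            if fd in magic_pending:
                findings.append((fd_path[fd], "magic close ('V' then close)"))
                magic_pending.discard(fd)
            fd_path.pop(fd, None)
    return findings


if __name__ == "__main__":
    for path, reason in audit_watchdog(SAMPLE_TRACE):
        print(f"watchdog stopped via {path}: {reason}")
```

Decoding the request number rather than matching a hex literal is what makes the check portable: the same _IOC arithmetic yields 0x80045704 on armhf, x86 and MIPS, so the rule does not need one constant per architecture the sample is built for. On a live host the equivalent signal is an audit rule on the watchdog device node (`-w /dev/watchdog -p w`), since a legitimate watchdog daemon keeps the descriptor open and only ever sends keepalives.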

Network

MITRE ATT&CK Enterprise v15

