Analysis

  • max time kernel
    67s
  • max time network
    153s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    23-12-2024 16:06

General

  • Target

    22c8f459658d7a9bc41ad39c5491d6013e68a0fd95b6b9d28ccfb84754eabadd

  • Size

    117KB

  • MD5

    1ffc6391cbd14941a6bbf63e99574ba3

  • SHA1

    e0d0ed3bbd07ac82c62b36c90e98306f7e666f16

  • SHA256

    22c8f459658d7a9bc41ad39c5491d6013e68a0fd95b6b9d28ccfb84754eabadd

  • SHA512

    43e739848da6df1d94c7b3fdeb5cf9fe6bbdea5c5acc58c02f875ce1fe6a7dce0615bdd29c72cce2e07067629b69ab84a38def50c96928e4a96f6401d0f35eda

  • SSDEEP

    3072:FQXIXLM947iz8QDvxdEOm/oic4s0au37mM/9HM:eXIY947iYAvxdEOmAio0auCM/9HM

Malware Config

Signatures

  • Contacts a large (227902) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/22c8f459658d7a9bc41ad39c5491d6013e68a0fd95b6b9d28ccfb84754eabadd
    /tmp/22c8f459658d7a9bc41ad39c5491d6013e68a0fd95b6b9d28ccfb84754eabadd
    1⤵
    • Modifies Watchdog functionality
    • Changes its process name
    • Reads runtime system information
    PID:661

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads