Analysis
max time kernel: 36s
max time network: 151s
platform: debian-9_armhf
resource: debian9-armhf-20240418-en
resource tags: arch:armhf, image:debian9-armhf-20240418-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 26-12-2024 04:07
Behavioral task: behavioral1
Sample: telnet.arm.elf
Resource: debian9-armhf-20240418-en (debian-9-armhf)
3 signatures
150 seconds
General
Target: telnet.arm.elf
Size: 118KB
MD5: 7deeb53f4b6c758fdd16275826bf5519
SHA1: 45adb65ebad88d394a38d41f4d24f056864ae06a
SHA256: 78aa12d9e013942202a1f63f5ca9e579e05a26e399c390a2703b5ecc97c19e6a
SHA512: ddfc146bd141830bb2c81c916acb2c7bbceaeaa51a17cda4e9e338b48d33aabf6bb22f6bd5d9e03e6237e9509117a4714e9e7a8022ed252fb19e5aec21742261
SSDEEP: 1536:ZEp4I23lHPNTsdC23IT4VCPI72mKDGBlJgwywE+IafoA31ZbuKXhVz4gO3oLv9r:ZET23lHPNwdCp40IcefhxFBt
Score: 9/10
Malware Config
Signatures
Contacts a large (115770) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description: File opened for modification; ioc: /dev/watchdog; process: telnet.arm.elf
description: File opened for modification; ioc: /dev/misc/watchdog; process: telnet.arm.elf