Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240729-en
  • resource tags

    arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
  • submitted
    27-12-2024 11:18

General

  • Target

    712-1-0x00400000-0x0045aba8-memory.dmp

  • Size

    105KB

  • MD5

    941b64f05daf9aee781500b88ab85570

  • SHA1

    80aa198783d3f58ab38c2235c90fcd6141195230

  • SHA256

    64ea6326c8a852858317ca173bbe5ce52fbd2258f1b150d4d4d8d5cb0ef4e870

  • SHA512

    3af20c077826d51a66d01f9207e7c188bd8f7276d01b2cb6dc4bd3376c7d1175c5a456583eee68efebdfe5dcd30e097d72a0794b66d11ccdf832419f976ed4e8

  • SSDEEP

    1536:ZBtIUODpEJqMVg0ECa2RdX1X0Wr/Lenr2TtbV+HgD/zl/OEfnVTldzwj6I:ZMhtEAGhECau50Wrbr+Hgrzl/OEfnBq

Malware Config

Signatures

  • Contacts a large (201179) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 2 IoCs
  • Changes its process name 1 IoCs
  • Reads runtime system information 26 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/712-1-0x00400000-0x0045aba8-memory.dmp
    /tmp/712-1-0x00400000-0x0045aba8-memory.dmp
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Changes its process name
    • Reads runtime system information
    PID:712

Network

MITRE ATT&CK Enterprise v15
