Analysis
-
max time kernel
150s -
max time network
154s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
-
submitted
27-12-2024 12:47
General
-
Target
700-1-0x00400000-0x0045bba8-memory.dmp
-
Size
109KB
-
MD5
6be1fbdd34fd12b7c756324453248642
-
SHA1
ace922b8e991fa60fb4329c8e3d33acdb2614f28
-
SHA256
ea0c3ba19c1bedb5c802b4634f0f25fbd11ca39d5848ba914f69e1c14058bc81
-
SHA512
c3ce65098f051fd86a219ac97b9f8370064585254d874d85f2ae1b9d37771b2b2be75befe56b165262fdff15e566c191f9b0798159451bb8103ab5f1cf2ff38a
-
SSDEEP
1536:7ClNlFgCYzgnzXDit4ncpbpNZZM65dCD3:7CXgCYzgnzXDsNZO
Score
9/10
Malware Config
Signatures
-
Contacts a large (193730) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder 2 IoCs
-
Changes its process name 1 IoCs
-
Reads runtime system information 30 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/700-1-0x00400000-0x0045bba8-memory.dmp/tmp/700-1-0x00400000-0x0045bba8-memory.dmp1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Changes its process name
- Reads runtime system information