Analysis
-
max time kernel
149s -
max time network
151s -
platform
debian-9_armhf -
resource
debian9-armhf-20240729-en -
resource tags
-
submitted
29-12-2024 22:55
General
-
Target
loligang.arm.elf
-
Size
80KB
-
MD5
e4c8fd03b5000066b3d9287923cb4633
-
SHA1
c428c390600b5c97fa0f2a8c2a7f486688a3a3a6
-
SHA256
507c78d68af86d5cac722485d716aeb6b56ad497b80b5acbb4f72656c8975628
-
SHA512
5563d2c97ba38bb7cb318dd8f00f7e1042933554edb4a57d3d289b9cdee72a1b246f0739edc9fa4867a919cb1f2f0d68eca119637e92b90ac30939afd8a84e21
-
SSDEEP
1536:k+hcm0sW9T9kgigxITXSLw27maJFrY41idxRva/JeZWbLZprtjYqRlM:TV0sW7ovaxwOLZppcqRC
Malware Config
Signatures
-
Contacts a large (20482) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 45 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/loligang.arm.elf/tmp/loligang.arm.elf1⤵
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Reads system network configuration
- Reads runtime system information