General

  • Target

    army6.elf

  • Size

    259KB

  • Sample

    250108-2w8thsxkfw

  • MD5

    f5766e54f5df87a84bb3cb507140f983

  • SHA1

    92809fb7294d6e15a4ed75af713c34209a78c289

  • SHA256

    2941cbc75ad488a27b993dbd439e21b0ee6335cc95872559f46c56aadf4c7bc5

  • SHA512

    ad77af96f0ddca58db25e49d7e025c6cff7964742ca261c9096fe46957b97295a4d9303780c883dc704f4d1df11963de9a4f2f542ce96bc5972112b24f639900

  • SSDEEP

    6144:MargtN+467jhcaVogahXGAm20Q7tJPjNS:MJN165cayFIAm20ItJPjNS

Targets

    • Target

      army6.elf

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads system routing table

      Gets active network interfaces from the /proc virtual filesystem.
