9302ba7444c152e1ffcb2eb3b4a8615bdcf26e7f6549a77eb09d829c2bd16645

Analysis

max time kernel
149s
max time network
151s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
14-01-2025 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

meth10.elf
Size

51KB
MD5

276fe1685110331057cd5a3e74d44376
SHA1

c8583fc07dc597a9a964096b0b543a3c8cb1d109
SHA256

9302ba7444c152e1ffcb2eb3b4a8615bdcf26e7f6549a77eb09d829c2bd16645
SHA512

f1b70eb3151b91052991a6f382741ee558064f209f58cc7c973331e8270a880287cd810dc12325a353ae6583b0f87d411cbc872c5e9bb5915c2d576483ba1674
SSDEEP

768:q3ltpsNJvJkRbX8lF9nN+xVM+wJqRXHQnoocH+ZkHPESOXhS9X2/NPOBzGkUzg:6tYJwS9nNWTwJ6XHQn6+ZkvJ4tYBas

Score

9^/10

defense_evasion discovery

Malware Config

Signatures

Contacts a large (113622) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	meth10.elf
File opened for modification	/dev/misc/watchdog	meth10.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/var/Sofia	647	meth10.elf

/tmp/meth10.elf
/tmp/meth10.elf
1⤵
- Modifies Watchdog functionality
- Changes its process name
PID:647

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads