Analysis
-
max time kernel
150s -
max time network
162s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
-
submitted
15-01-2025 14:48
General
-
Target
arm5.elf
-
Size
51KB
-
MD5
ba90717e35e660c77f5eed6441b2f9c4
-
SHA1
c2b874723e5802b8ae6dd73388dd018d094904dc
-
SHA256
ed7382c3202bca5f149c0143154468f62cd4b98b43254981f52d7f25a32d563b
-
SHA512
aa45053da98c83f99612d415e5b017727176f3baba5ead285a4c0446a28dc5df3872bc9aa39cef2e1f249d6ef34bd9d8b0ba25137db5688b7383661c3a6964f4
-
SSDEEP
768:q3ltpsNJvJkRbX8lF9nN+xVM+wJqRXHUnoocH+ZkHPESOrhS9X2/NPOBzGkUzg:6tYJwS9nNWTwJ6XHUn6+ZkvJQtYBas
Score
9/10
Malware Config
Signatures
-
Contacts a large (107737) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Changes its process name 1 IoCs
Processes
-
/tmp/arm5.elf/tmp/arm5.elf1⤵
- Modifies Watchdog functionality
- Changes its process name