Analysis
-
max time kernel
97s -
max time network
151s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
-
submitted
02-02-2025 04:16
General
-
Target
4f1ab0732c7d4700af91b44fd6e26a49f2b27f0039dbb3d9dce4f8cbf1cd1484.elf
-
Size
63KB
-
MD5
44a0a590a97dc92588fa30a3d3ee011f
-
SHA1
879a7d609c539cd9f147737207d4b3422d0cbd06
-
SHA256
4f1ab0732c7d4700af91b44fd6e26a49f2b27f0039dbb3d9dce4f8cbf1cd1484
-
SHA512
bd37fa60811eff40b1a44b7cee73a7896837ea156fb7df5710d67784595a34a0b0dd3800f6595d2f868aefe76a28b25cb3155f655fffb93345d6c61593017531
-
SSDEEP
1536:MAiCDwpTQqeHYSE3gp3LirgSkxNhYu0mv:wCDyTQ34iEgvDYTmv
Score
9/10
Malware Config
Signatures
-
Contacts a large (110946) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Deletes itself 1 IoCs
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself 1 IoCs
-
Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Changes its process name 1 IoCs
Processes
-
/tmp/4f1ab0732c7d4700af91b44fd6e26a49f2b27f0039dbb3d9dce4f8cbf1cd1484.elf/tmp/4f1ab0732c7d4700af91b44fd6e26a49f2b27f0039dbb3d9dce4f8cbf1cd1484.elf1⤵
- Deletes itself
- Modifies Watchdog functionality
- Renames itself
- Changes its process name