General

  • Target

    jade.arm.elf

  • Size

    77KB

  • Sample

    250219-xh539awrhr

  • MD5

    c7aada3377e71447b9e377b59fe1b89f

  • SHA1

    60d07d891511e6228fbe05beb6db8f8e884855d0

  • SHA256

    a146d7189e8221392a83c3ba3220bcd1cc85cc939fe2f85747087e82857cb7b2

  • SHA512

    1455847d5f913fd61960e2feb4bee5dbdd669a8d4c4fa8d2548ba174013122d1c9fc831b24b1bbc129bf16369be98ffd4a17960123459847f8873125bd71bde3

  • SSDEEP

    1536:Z0lXkUBLAtJQ36bwTru4Op18gTxI/g3ahWnU7KpX5qzEF35SBc:qlZOkgS/gqholXh3G

Targets

    • Contacts a large number (471611) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.
