General

  • Target

    jfeeps.elf

  • Size

    206KB

  • Sample

    250307-rrfxts1xfy

  • MD5

    d001bac4ca77619398420b980a339977

  • SHA1

    8e7660b184b8f739f130f0351cf7ab08604c1925

  • SHA256

    00937209bfc651fb263deaec059ea7eb0b40c3c224c66648d606946aab58723f

  • SHA512

    806361b76d62829403fed731a0b755e503e728d86e60a71fc50a3842e9a75f6f440425a8d93a738aea5efa177fb4b6c86ae72a44175d89b52fa75e4cdd4d71a8

  • SSDEEP

    3072:SlzrCkUrFJ1Wcpix7A/+XjLTuYPGD2FYSHqE:Slzr6p9pQs/KT7PW2FPKE

Targets

    • Contacts a large number (16386) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Deletes itself

    • Deletes system logs

      Deletes the log file that contains global system messages. Adversaries may delete system logs to minimize their footprint.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Deletes log files

      Deletes log files on the system.

    • Writes file to system bin folder
