Analysis
-
max time kernel
134s -
max time network
148s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
-
submitted
07/03/2025, 14:37
General
-
Target
drea4.elf
-
Size
155KB
-
MD5
c1f2972eb772dcdfc5de05ba17fd89fe
-
SHA1
a67293add206b63c2794a489eb763fcc3f7b7528
-
SHA256
b7a8882a502098f8b51aa06b9c215be250307c4e355f6f7073819d2562f23741
-
SHA512
0bdd20297852d2dd7c6c3974eaf9539126ca40ad9068fe0ba1faf9c066f0f9968edf88e58dcfea4b485e3c5f5def62938f25525508d92aa59ae779778ba6c217
-
SSDEEP
3072:Yrar2mhqodwdRbfW4psvkBSmIW8OWfiXf1:Yr/dpfW4p0kBVIsW6XN
Score
9/10
Malware Config
Signatures
-
Contacts a large (5122) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Deletes itself 1 IoCs
-
Modifies Watchdog functionality 1 TTPs 1 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Writes file to system bin folder 2 IoCs
-
Changes its process name 1 IoCs
Processes
-
/tmp/drea4.elf/tmp/drea4.elf1⤵
- Deletes itself
- Modifies Watchdog functionality
- Writes file to system bin folder
- Changes its process name