5b6a3ddaea69d6a2b4bde62a543fefb22c055e6f3b0165d415d00e12c62bdb64

Analysis

max time kernel
154s
max time network
164s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
08/03/2025, 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b6a3ddaea69d6a2b4bde62a543fefb22c055e6f3b0165d415d00e12c62bdb64.elf
Size

209KB
MD5

821541bd01bc2ffea29f2baf9ad41130
SHA1

b2de1f68a385ce4c5d5127b8fa6a7e8292681040
SHA256

5b6a3ddaea69d6a2b4bde62a543fefb22c055e6f3b0165d415d00e12c62bdb64
SHA512

36653c12abcd5bb355794e1570007c997fe9f359ed14eeae01a5f1f61d69e31fd83c904058a962bb06cde0ce3e29aad9a46fab1c453e69e28b16d6a51a113c69
SSDEEP

3072:3OtyYRRCS/uJIA/tIusWkt5s33HKrc8xHiD/:3OtpRRCS/uCFWQ582/xC

Score

9^/10

defense_evasion discovery

Malware Config

Signatures

Contacts a large (33706) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Deletes Audit logs 1 TTPs 1 IoCs

Deletes logs related to the Linux Audit framework.

defense_evasion

Clear Linux or Mac System Logs

T1070.002

description	ioc	Process
File deleted	/var/log/audit/audit.log	5b6a3ddaea69d6a2b4bde62a543fefb22c055e6f3b0165d415d00e12c62bdb64.elf

Deletes itself 1 IoCs

pid	Process
743	5b6a3ddaea69d6a2b4bde62a543fefb22c055e6f3b0165d415d00e12c62bdb64.elf

Deletes journal logs 1 TTPs 1 IoCs

Deletes systemd journal logs. Likely to evade detection.

defense_evasion

Clear Linux or Mac System Logs

T1070.002

description	ioc	Process
File deleted	/var/log/journal/edeb2f80f756429c9aae366fe5ab23dd/system.journal	5b6a3ddaea69d6a2b4bde62a543fefb22c055e6f3b0165d415d00e12c62bdb64.elf

Modifies Watchdog functionality 1 TTPs 1 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	5b6a3ddaea69d6a2b4bde62a543fefb22c055e6f3b0165d415d00e12c62bdb64.elf

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog:	5b6a3ddaea69d6a2b4bde62a543fefb22c055e6f3b0165d415d00e12c62bdb64.elf
File opened for modification	/bin/watchdog:	5b6a3ddaea69d6a2b4bde62a543fefb22c055e6f3b0165d415d00e12c62bdb64.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	740	5b6a3ddaea69d6a2b4bde62a543fefb22c055e6f3b0165d415d00e12c62bdb64.elf

/tmp/5b6a3ddaea69d6a2b4bde62a543fefb22c055e6f3b0165d415d00e12c62bdb64.elf
/tmp/5b6a3ddaea69d6a2b4bde62a543fefb22c055e6f3b0165d415d00e12c62bdb64.elf
1⤵
- Deletes Audit logs
- Deletes itself
- Deletes journal logs
- Modifies Watchdog functionality
- Writes file to system bin folder
- Changes its process name
PID:740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Indicator Removal

T1070

Clear Linux or Mac System Logs

T1070.002

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads