Analysis
- max time kernel: 136s
- max time network: 148s
- platform: debian-9_mips
- resource: debian9-mipsbe-20250410-en
- resource tags: arch:mips image:debian9-mipsbe-20250410-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
- submitted: 11/04/2025, 09:10
Behavioral task | Sample | Resource
behavioral1 | 病毒样本/00e06596da8d703779bb39d9e08fedee | ubuntu1804-amd64-20250410-en
behavioral2 | 病毒样本/00e06596da8d703779bb39d9e08fedee | debian9-armhf-20240418-en
behavioral3 | 病毒样本/00e06596da8d703779bb39d9e08fedee | debian9-mipsbe-20250410-en
behavioral4 | 病毒样本/00e06596da8d703779bb39d9e08fedee | debian9-mipsel-20250410-en
behavioral5 | 病毒样本/00f87a46e10716d679e96a30cff11a37 | ubuntu2404-amd64-20250307-en
behavioral6 | 病毒样本/0a38d9eca296fa1935f82dabb41a31a5 | ubuntu2404-amd64-20250410-en
behavioral7 | 病毒样本/0a39ca7cf634801eec27eb2d223d4ec8 | ubuntu1804-amd64-20240508-en
behavioral8 | 病毒样本/0a39ca7cf634801eec27eb2d223d4ec8 | debian9-armhf-20250410-en
behavioral9 | 病毒样本/0a39ca7cf634801eec27eb2d223d4ec8 | debian9-mipsbe-20240729-en
behavioral10 | 病毒样本/0a39ca7cf634801eec27eb2d223d4ec8 | debian9-mipsel-20240418-en
behavioral11 | 病毒样本/0a7b0aabb6a61c26f0509b676dabfedb | debian12-armhf-20250410-en
behavioral12 | 病毒样本/26a14f8a41b6e3b3f685d529e94b233f | debian9-mipsbe-20250410-en
behavioral13 | 病毒样本/26dfd5812c878dab3dea8c7666026956 | debian12-armhf-20240729-en
behavioral14 | 病毒样本/27e04e3e0427e779ee43db42783abbaf | debian12-armhf-20250410-en
behavioral15 | 病毒样本/28aaedd279bb9c1d92a7b9adb541093c | ubuntu1804-amd64-20240508-en
behavioral16 | 病毒样本/28aaedd279bb9c1d92a7b9adb541093c | debian9-armhf-20250410-en
behavioral17 | 病毒样本/28aaedd279bb9c1d92a7b9adb541093c | debian9-mipsbe-20240729-en
behavioral18 | 病毒样本/28aaedd279bb9c1d92a7b9adb541093c | debian9-mipsel-20240418-en
behavioral19 | 病毒样本/28b40aeda006c7db6163322527c23ffa | ubuntu2404-amd64-20250410-en
behavioral20 | 病毒样本/29f7bb5c960036be3c3d945d23ef7fc4 | debian12-armhf-20250410-en
behavioral21 | 病毒样本/32a72a1cc99feb90e77c5f7616f0acd0 | debian9-armhf-20240729-en
behavioral22 | 病毒样本/32cba3f918e9c992b93177a2d204540a | ubuntu2404-amd64-20250307-en
behavioral23 | 病毒样本/34c537210dbdbf28f4694142490b86b3 | ubuntu2204-amd64-20250410-en
behavioral24 | 病毒样本/34e64e853d2bdb8908214048b12262e8 | debian9-armhf-20250410-en
behavioral25 | 病毒样本/35bf9d160efafe2af0d99b054df9af71 | ubuntu2004-amd64-20240729-en
behavioral26 | 病毒样本/35c568784f18bb908bfc37d35ccfa44d | ubuntu2204-amd64-20250307-en
behavioral27 | 病毒样本/36b6e50ce03c032e59af7b6caa276606 | debian12-armhf-20250410-en
behavioral28 | 病毒样本/36c1760bf0b828ea66a78cae9f5d74b3 | ubuntu1804-amd64-20250410-en
behavioral29 | 病毒样本/36c1760bf0b828ea66a78cae9f5d74b3 | debian9-armhf-20240729-en
behavioral30 | 病毒样本/36c1760bf0b828ea66a78cae9f5d74b3 | debian9-mipsbe-20250410-en
behavioral31 | 病毒样本/36c1760bf0b828ea66a78cae9f5d74b3 | debian9-mipsel-20240418-en
behavioral32 | 病毒样本/37ea67b2c8927cedd2c59549aa6c88db | debian12-armhf-20250410-en
General
- Target: 病毒样本/26a14f8a41b6e3b3f685d529e94b233f
- Size: 89KB
- MD5: 26a14f8a41b6e3b3f685d529e94b233f
- SHA1: d50b3d6251304227535bd2c31bb126d6e083c12b
- SHA256: b25b2b779b7c88af32bc7b312b390e5879e853deb948d66a6da12ff194a60d3a
- SHA512: daa1b36a560ba76db1d4b3ce99dc947d304875a383e4a86ac793965f1f3442fd186f63a879b7fdc608034aa3a8f5b04c8fa3375dac7bf227f4e7f7e9f483fa6b
- SSDEEP: 1536:4YRS2cWY6f6utWSVSDYFMMwqZ9adsR0vf7y9vnk5zlf/A4mqvrrb9NK2M:1I2cWRyutWCSDU9aE0Hm9Azlf/A4mOrI
Malware Config
Signatures
- Contacts a large (20423) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description | ioc | Process
  File opened for modification | /dev/watchdog | 26a14f8a41b6e3b3f685d529e94b233f
  File opened for modification | /dev/misc/watchdog | 26a14f8a41b6e3b3f685d529e94b233f
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from /proc virtual filesystem.
  description | ioc | Process
  File opened for reading | /proc/net/tcp | 26a14f8a41b6e3b3f685d529e94b233f
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
  description | ioc | Process
  File opened for reading | /proc/net/tcp | 26a14f8a41b6e3b3f685d529e94b233f