General
-
Target
linux_mipsel.elf
-
Size
2.2MB
-
Sample
250416-w94ttstyhs
-
MD5
06a141032d508ea7639d82c044851727
-
SHA1
e49bf29f0c21f0e5a5d0ccee733ed1626df57d6b
-
SHA256
d3030e1575b48293f9364353127bd44892ec65120c11d1710eead510373aab55
-
SHA512
8173fc77c9ba84dc1a980c907dec6d2a37e20b3dec5438189fb1990e6c161de5a7ebc033091be2bcd7b80fb1bfe1478eb9f81f6811c9417fd95d3419c9cc2e05
-
SSDEEP
24576:TTq+DZ51ZFBI2dNPSn3MKEuPVXlod+lCmISWz1v:fT18MyEd+lsSWz1
Behavioral task
behavioral1
Sample
linux_mipsel.elf
Resource
debian12-mipsel-20240418-en
Malware Config
Targets
-
Target
linux_mipsel.elf
-
Renames multiple (1004) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Modifies systemd
Adds/modifies systemd service files, likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v16
Execution
  Command and Scripting Interpreter (1)
    Unix Shell (1)
  Scheduled Task/Job (1)
    Cron (1)
Persistence
  Boot or Logon Autostart Execution (3)
    XDG Autostart Entries (1)
  Boot or Logon Initialization Scripts (1)
    RC Scripts (1)
  Create or Modify System Process (1)
    Systemd Service (1)
  Event Triggered Execution (1)
    Unix Shell Configuration Modification (1)
  Hijack Execution Flow (1)
    Path Interception by PATH Environment Variable (1)
  Scheduled Task/Job (1)
    Cron (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    XDG Autostart Entries (1)
  Boot or Logon Initialization Scripts (1)
    RC Scripts (1)
  Create or Modify System Process (1)
    Systemd Service (1)
  Event Triggered Execution (1)
    Unix Shell Configuration Modification (1)
  Hijack Execution Flow (1)
    Path Interception by PATH Environment Variable (1)
  Scheduled Task/Job (1)
    Cron (1)