General
-
Target
f586c357f162b4875c286e028b8a101f
-
Size
82KB
-
Sample
220805-ywjb3sggd8
-
MD5
f586c357f162b4875c286e028b8a101f
-
SHA1
83964f5d27a8f6b1c0876e62dead592d86b2ed56
-
SHA256
d9fc1ad9af297ff9f0fabf2227f8060b0eb069bb4fe430723ab06af3b981b9db
-
SHA512
fa3827aa7eeeff0d106a864686d257288a9bbb50068cc265223e82c0e8183805776a7924a877637659b1359e3d7d1ec0bc46013f66084d2d82d661e801e0941d
Static task
static1
Behavioral task
behavioral1
Sample
f586c357f162b4875c286e028b8a101f
Resource
debian9-mipsbe-en-20211208
Malware Config
Targets
-
-
Target
f586c357f162b4875c286e028b8a101f
-
Size
82KB
-
MD5
f586c357f162b4875c286e028b8a101f
-
SHA1
83964f5d27a8f6b1c0876e62dead592d86b2ed56
-
SHA256
d9fc1ad9af297ff9f0fabf2227f8060b0eb069bb4fe430723ab06af3b981b9db
-
SHA512
fa3827aa7eeeff0d106a864686d257288a9bbb50068cc265223e82c0e8183805776a7924a877637659b1359e3d7d1ec0bc46013f66084d2d82d661e801e0941d
Score9/10-
Contacts a large (40409) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-