7596f8f78a764dcc611b743b03b8579f30823a3674442cb5777c849c64d101fc

Analysis

max time kernel
27783s
max time network
148s
platform
linux_mipsel
resource
debian9-mipsel-en-20211208
resource tags

arch:mipselimage:debian9-mipsel-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
26/10/2022, 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58b5c162635391919ded78af19c885bb.elf
Size

24KB
MD5

58b5c162635391919ded78af19c885bb
SHA1

09423785c9c0f960d5dec93725f560de221af0eb
SHA256

7596f8f78a764dcc611b743b03b8579f30823a3674442cb5777c849c64d101fc
SHA512

0f2ff9f9c48be58634e937729b1d4153b6d2dcec12adfb3a0fc3978c69141f01a0e050b09061ab2e4bd5a81c5c168aa8774efea7ec453fd2ea63b15a504d0631
SSDEEP

768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpbwNZqSWv2:4QlS07FUXqIYSXQKqub0qO

Score

9^/10

Malware Config

Signatures

Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562

Writes file to system bin folder 1 TTPs 2 IoCs

Hijack Execution Flow

T1574

description	ioc
/sbin/watchdog	/sbin/watchdog
/bin/watchdog	/bin/watchdog

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc
/proc/	/proc/

/tmp/58b5c162635391919ded78af19c885bb.elf
/tmp/58b5c162635391919ded78af19c885bb.elf
1⤵
PID:332

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads