Analysis
-
max time kernel
150s -
max time network
154s -
platform
linux_mipsel -
resource
debian9-mipsel-en-20211208 -
resource tags
arch:mipsel
image:debian9-mipsel-en-20211208
kernel:4.9.0-13-4kc-malta
locale:en-us
os:debian-9-mipsel
system -
submitted
04-05-2023 15:03
General
-
Target
d4ce6a8367d840118afdb064c639cc74.elf
-
Size
37KB
-
MD5
d4ce6a8367d840118afdb064c639cc74
-
SHA1
85cf4120be8faf5c3736a7045d4a5921fe5ab542
-
SHA256
89ded71040f0f0b728b5ce4d9c0affd87bae2e227068b515fc8099f6ea310ffc
-
SHA512
7279bb9dc79281d0283b24ee5ffccb32bd2959d400e959ab7f8d2fa7a20173e63b350d94daeb4e27224cf2c4545a6e7a928b7c9daffb7c403ab8c49665909d0d
-
SSDEEP
768:8cFiyluiEduvR0MrPNjIvSGb22VjGqxQLZUiBxTQFTT9nsd6WMI:vFdY4ynbV6BLh7QRT9nUx
Malware Config
Extracted
Family
mirai
Botnet
UNSTABLE
Signatures
-
Contacts a large (222532) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder 1 TTPs 2 IoCs
Processes:
description                    ioc
File opened for modification   /sbin/watchdog
File opened for modification   /bin/watchdog
-
Changes its process name 1 IoCs
Processes:
d4ce6a8367d840118afdb064c639cc74.elf
description                                                        ioc   pid   process
Changes the process name, possibly in an attempt to hide itself   a     326   d4ce6a8367d840118afdb064c639cc74.elf
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Processes:
d4ce6a8367d840118afdb064c639cc74.elf
description               ioc              process
File opened for reading   /proc/self/exe   d4ce6a8367d840118afdb064c639cc74.elf
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
memory/326-1-0x00400000-0x0045bba8-memory.dmp