Analysis
max time kernel: 151s
max time network: 150s
platform: linux_armhf
resource: debian9-armhf-en-20211208
resource tags: arch:armhf, image:debian9-armhf-en-20211208, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 08-05-2023 01:50
General
Target: b7c2d8e969cd973312dccaa913d6206893f9225c72cecc0789b88d18bedb6d84.elf
Size: 45KB
MD5: cb2df9012745f73517df82dbdb8b6701
SHA1: 9c89db61e4d8839f3dd36ddf47900b8c7f5a926a
SHA256: b7c2d8e969cd973312dccaa913d6206893f9225c72cecc0789b88d18bedb6d84
SHA512: 86b50fb011c279c58ffe43b768e56439f21e46b7da214fe537f6e6b34b50edd511608af8d2fb6e164b148ddacfb75659b89cc9f7ba1a0925dfab50b0d5b09017
SSDEEP: 768:D/TYCoIxdEk+AxoTZAZHFeq8b3z9q3UELbUXfi6nVMQHI4vcGpvJ:DECFd+A6YHAxyLRQZJ
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures
Modifies the Watchdog daemon (1 TTPs)
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
Writes file to system bin folder (1 TTPs, 2 IoCs)
Processes:
  description: File opened for modification | ioc: /bin/watchdog
  description: File opened for modification | ioc: /sbin/watchdog
Reads runtime system information (1 IoCs)
Reads data from the /proc virtual filesystem.
Processes:
  description: File opened for reading | ioc: /proc/self/exe | process: b7c2d8e969cd973312dccaa913d6206893f9225c72cecc0789b88d18bedb6d84.elf
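The three signatures above are behavioural rules applied to file-open events recorded during the run: a watchdog path opened with write access, any write-mode open under /bin or /sbin, and any read under /proc. As an added example that is not part of the sandbox report or of the sandbox's own detection engine, the script below re-implements those three rules over constructed `<process> open <path> <flags>` event lines that mirror the report's IoCs. The /bin/watchdog and /sbin/watchdog paths come from the report; the /dev/watchdog and /dev/misc/watchdog entries are an assumption added here because they are the device nodes the original Mirai source opens to disable the hardware watchdog, and the event line format is likewise an assumption rather than any real sandbox's log format.

```python
import re
from dataclasses import dataclass

# Sample name as given in the report; the event lines below are constructed
# to mirror the report's IoCs and are not actual sandbox output.
SAMPLE = "b7c2d8e969cd973312dccaa913d6206893f9225c72cecc0789b88d18bedb6d84.elf"

EVENTS = [
    f"{SAMPLE} open /proc/self/exe O_RDONLY",
    f"{SAMPLE} open /bin/watchdog O_RDWR",
    f"{SAMPLE} open /sbin/watchdog O_RDWR",
    f"{SAMPLE} open /etc/hostname O_RDONLY",  # benign read-only open, must not fire
    "not an open event at all",                 # malformed line, must be skipped
]

# /bin and /sbin entries come from the report; the /dev entries are the device
# nodes the original Mirai source opens (assumption, not listed in the report).
WATCHDOG_PATHS = frozenset({
    "/bin/watchdog", "/sbin/watchdog", "/dev/watchdog", "/dev/misc/watchdog",
})


@dataclass(frozen=True)
class FileEvent:
    process: str
    path: str
    mode: str

    @property
    def for_modification(self) -> bool:
        # A write-only or read-write open is what the report calls
        # "opened for modification"; a plain O_RDONLY open is not.
        return "O_WRONLY" in self.mode or "O_RDWR" in self.mode


# Assumed line format: "<process> open <path> <open-flags>".
EVENT_RE = re.compile(r"^(?P<proc>\S+)\s+open\s+(?P<path>\S+)\s+(?P<mode>\S+)$")


def parse_event(line: str):
    """Parse one event line into a FileEvent; return None if it is malformed."""
    m = EVENT_RE.match(line.strip())
    return FileEvent(m["proc"], m["path"], m["mode"]) if m else None


def classify(events):
    """Map file events onto the three signatures in the report.

    Returns {signature name: [ioc paths]} with only the signatures that fired,
    IoCs kept in event order so the output lines up with the report's table.
    """
    hits = {}
    for ev in events:
        if ev.path in WATCHDOG_PATHS and ev.for_modification:
            hits.setdefault("Modifies the Watchdog daemon", []).append(ev.path)
        if ev.for_modification and ev.path.startswith(("/bin/", "/sbin/")):
            hits.setdefault("Writes file to system bin folder", []).append(ev.path)
        if ev.path.startswith("/proc/"):
            hits.setdefault("Reads runtime system information", []).append(ev.path)
    return hits


def analyze(lines):
    """Parse raw lines, drop malformed ones, and return the signature hits."""
    return classify(ev for ev in map(parse_event, lines) if ev is not None)


if __name__ == "__main__":
    for sig, iocs in analyze(EVENTS).items():
        print(f"{sig} ({len(iocs)} IoCs): {', '.join(iocs)}")
```

Note that the two watchdog opens satisfy both the watchdog rule and the generic "writes to system bin folder" rule, which is why the report lists them as IoCs under the latter while the former is reported as a TTP only; the read-only open of /etc/hostname fires nothing, and the malformed line is dropped at parse time rather than crashing the run.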
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
memory/355-1-0x00008000-0x00026464-memory.dmp