Analysis
max time kernel: 150s
max time network: 149s
platform: linux_mipsel
resource: debian9-mipsel-en-20211208
resource tags: arch:mipsel, image:debian9-mipsel-en-20211208, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 11-05-2023 05:47
General
Target: c100569e03ab29a96ba42f5567716cbf.elf
Size: 24KB
MD5: c100569e03ab29a96ba42f5567716cbf
SHA1: dbd2a4bb026eed7831acc537596ebaa242c993e6
SHA256: e16584774638c230ee54f829105a01eee783f8d544dffc68791bae456c3bc377
SHA512: 8af49eabc4326d681ad843736c1d7a001aa232a91b9c152c0a9f7c32a1254c5c4c564950de075408efb90db9af594c2cd26cb387c5ca4c33cf239224cd815b32
SSDEEP: 768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpVwZqSWv1:4QlS07FUXqIYSXQKquWqN
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures

Modifies the Watchdog daemon (1 TTP)
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

Writes file to system bin folder (1 TTP, 2 IoCs)
Processes:
description                     ioc
File opened for modification    /sbin/watchdog
File opened for modification    /bin/watchdog

Reads runtime system information (10 IoCs)
Reads data from the /proc virtual filesystem.
Processes:
description                     ioc
File opened for reading         /proc/423/cmdline
File opened for reading         /proc/424/cmdline
File opened for reading         /proc/431/cmdline
File opened for reading         /proc/439/cmdline
File opened for reading         /proc/401/cmdline
File opened for reading         /proc/407/cmdline
File opened for reading         /proc/410/cmdline
File opened for reading         /proc/415/cmdline
File opened for reading         /proc/403/cmdline
File opened for reading         /proc/447/cmdline
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/336-1-0x00400000-0x00452a58-memory.dmp