Analysis
-
max time kernel
153s -
max time network
102s -
platform
linux_amd64 -
resource
ubuntu1804-amd64-en-20211208 -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
14-05-2023 02:46
General
-
Target
c6ca07a951ecfc870b92c466c86431b7.elf
-
Size
20KB
-
MD5
c6ca07a951ecfc870b92c466c86431b7
-
SHA1
b8d8201e5a1934cee0daea7de8c067e4a67c7c32
-
SHA256
b03e4b5fc01f39df8694d21b3df5a5cb8f4ab80190d3575d0739f5c4cce098b7
-
SHA512
89e360adb327b97e13ddb56721626488423cf5a97ad6301da724a63ed49e08186d3f2bc52498e01fb72afeb73defdb213ab67fbe667164d59b0ef59f31913a54
-
SSDEEP
384:M0hLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXaQNAr8vcoBAvP+qNV+KLebRtnISyW:T98o08kxofBE+ZkXaT47C2EpitkW
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder 1 TTPs 2 IoCs
Processes:
description ioc File opened for modification /sbin/watchdog File opened for modification /bin/watchdog -
Reads runtime system information 8 IoCs
Reads data from /proc virtual filesystem.
Processes:
description ioc File opened for reading /proc/569/cmdline File opened for reading /proc/570/cmdline File opened for reading /proc/571/cmdline File opened for reading /proc/572/cmdline File opened for reading /proc/577/cmdline File opened for reading /proc/578/cmdline File opened for reading /proc/422/cmdline File opened for reading /proc/541/cmdline
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/574-1-0x0000000008048000-0x00000000080547a0-memory.dmp