Analysis
-
max time kernel
150s -
max time network
150s -
platform
debian-9_mips -
resource
debian9-mipsbe-20221111-en -
resource tags
arch:mips
image:debian9-mipsbe-20221111-en
kernel:4.9.0-13-4kc-malta
locale:en-us
os:debian-9-mips
system -
submitted
14-05-2023 08:11
General
-
Target
c4ba5f055f8dffcc0b404969ace82feea6ead7f476e2e6a065cd25bb5a768dbd.elf
-
Size
23KB
-
MD5
da421f5ba45e1f8418f24437f1dc7181
-
SHA1
916ee3ba7a87249ab4b0cc46fcc7ce2a0e7e9ffc
-
SHA256
c4ba5f055f8dffcc0b404969ace82feea6ead7f476e2e6a065cd25bb5a768dbd
-
SHA512
16595b6de5e7bf9b602cccc97dac68b55297f71a86be9b2493bff1f57405e89897d2162b876fa3532039d553c2fe835855a00490f1ade19ffc6b0c5673cc1251
-
SSDEEP
384:neD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtuiiAmdzJgGlzDpH7uNj1JAF:neD8ZSWvZHZbs1row697qohQvg9iAizh
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Modifies the Watchdog daemon (1 TTP)
Malware like Mirai modifies the watchdog daemon to prevent it from restarting an infected system.
-
Writes file to system bin folder (1 TTP, 2 IoCs)
Processes:
description                  | ioc
File opened for modification | /bin/watchdog
File opened for modification | /sbin/watchdog
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
memory/326-1-0x00400000-0x00451a58-memory.dmp