Analysis
max time kernel: 150s
max time network: 152s
platform: debian-9_mipsel
resource: debian9-mipsel-20221125-en
resource tags: arch:mipsel, image:debian9-mipsel-20221125-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 25-05-2023 21:56
General
Target: d00e880bfd7598454a0a8e60cbae6f66.elf
Size: 24KB
MD5: d00e880bfd7598454a0a8e60cbae6f66
SHA1: 025e99dec0ea271023007644377a8a3d69c1879a
SHA256: c90e2b54921ab6553e2567c34b4f7b1ced31c18b0b826bc0e8971f6cda3af898
SHA512: b8ded24e673fc15a68d782bf962075623d5aa35943c65594c5191add309d2f9207c2337b53393c71105632406ef8d92254492770205d8cc4a782db397522b41b
SSDEEP: 768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpSIZqSWvU:4QlS07FUXqIYSXQKquNqs
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
IoCs:
  File opened for modification: /dev/watchdog
  File opened for modification: /dev/misc/watchdog

Unexpected DNS network traffic destination (1 IoCs)
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
IoCs:
  Destination IP: 45.250.25.167

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Writes file to system bin folder (1 TTPs, 2 IoCs)
IoCs:
  File opened for modification: /sbin/watchdog
  File opened for modification: /bin/watchdog
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
memory/328-1-0x00400000-0x00452a58-memory.dmp