Analysis
max time kernel: 151s
max time network: 150s
platform: linux_armhf
resource: debian9-armhf-en-20211208
resource tags: arch:armhf, image:debian9-armhf-en-20211208, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 29-05-2023 14:47
Static task: static1
General
Target: d2d08734fa697c7e03a05e8307a0435f.elf
Size: 47KB
MD5: d2d08734fa697c7e03a05e8307a0435f
SHA1: 5d21ef1fbaac25b46504e691cf07fe6912479a93
SHA256: cd7ec25de399aaeaa8bb28d2be78168325c5fcd8a21c630b42b8e9b3bad158b8
SHA512: 88a2ffeb403ae1dadd6204bc7eb7ae533dcc2f9a2e32ba214e5f1f39d3b47f72fc6f92004487f4687fa88635f9ad48cd03a5714f40471e92793b50693dbeac0a
SSDEEP: 768:8m5gQkZb6ifu/Ggh9OHApqBt1m1UlFzXn+PtwhHya80lfeA2Fdphg7C:R5mb6itgUAcXR73+6hH+AS7
Malware Config
Extracted
Family: mirai
C2: client.orxy.space
Signatures

Changes its process name (1 IoC)
Processes:
  description                                                       ioc  pid  process
  Changes the process name, possibly in an attempt to hide itself   a    359  d2d08734fa697c7e03a05e8307a0435f.elf
Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
Processes:
  description                   ioc                 process
  File opened for modification  /dev/misc/watchdog  d2d08734fa697c7e03a05e8307a0435f.elf
  File opened for modification  /dev/watchdog       d2d08734fa697c7e03a05e8307a0435f.elf

Write file to user bin folder (1 TTP, 1 IoC)
Processes:
  description                   ioc                 process
  File opened for modification  /usr/bin/watchdog   d2d08734fa697c7e03a05e8307a0435f.elf

Writes file to system bin folder (1 TTP, 2 IoCs)
Processes:
  description                   ioc                 process
  File opened for modification  /sbin/watchdog      d2d08734fa697c7e03a05e8307a0435f.elf
  File opened for modification  /bin/watchdog       d2d08734fa697c7e03a05e8307a0435f.elf
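The three watchdog signatures above only record open() calls; what the Mirai family does with the handle is a single ioctl, WDIOC_SETOPTIONS with WDIOS_DISABLECARD, which stops the hardware timer from rebooting a device whose real watchdog daemon the bot has starved or killed. The following is an added example written for this page, not code from the report and not recovered from this sample: it reproduces that ioctl against the five paths the report lists, computes the ioctl number by hand so it can be matched against strace output or disassembly, and refuses to touch a real device unless explicitly asked. The `--really` flag, the function names and the dry run against a regular file are this example's own choices.

```c
// Added example for this page (not the sample's code). Linux only.
// Build: cc -Wall -o wd_demo wd_demo.c
//
// SAFETY: opening /dev/watchdog on a real host arms the timer, and closing it
// without the magic-close byte can reboot the machine. Nothing here opens a
// device unless run as `./wd_demo --really`; the functions take an fd from the
// caller so they can be exercised on a harmless file instead.
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>

/* Paths this sample opened for modification, per the sandbox IoCs. */
static const char *const WATCHDOG_PATHS[] = {
    "/dev/watchdog", "/dev/misc/watchdog",
    "/sbin/watchdog", "/bin/watchdog", "/usr/bin/watchdog",
};
#define N_WATCHDOG_PATHS (sizeof WATCHDOG_PATHS / sizeof WATCHDOG_PATHS[0])

/* WDIOC_SETOPTIONS = _IOR('W', 4, int), assembled by hand rather than taken
 * from <linux/watchdog.h> so the layout is visible:
 *   _IOC_READ(2)<<30 | sizeof(int)<<16 | 'W'<<8 | 4  ->  0x80045704
 * This is the generic/ARM/x86 layout; MIPS packs the bits differently, so the
 * constant is not portable across the architectures Mirai is built for. */
unsigned long wdioc_setoptions(void)
{
    return (2UL << 30) | ((unsigned long)sizeof(int) << 16) | ('W' << 8) | 4;
}

enum { WDIOS_DISABLECARD = 0x0001 };

/* The whole technique once an fd is open: one ioctl. Returns 0 on success,
 * -1 with errno set otherwise (EBADF for an invalid fd, ENOTTY for a regular
 * file, which is what a dry run against a non-device will see). */
int wd_disable_on_fd(int fd)
{
    int flags = WDIOS_DISABLECARD;
    return ioctl(fd, wdioc_setoptions(), &flags);
}

/* Turn a sandbox "File opened for modification" path into a yes/no hit. */
int is_watchdog_path(const char *path)
{
    for (size_t i = 0; i < N_WATCHDOG_PATHS; i++)
        if (strcmp(path, WATCHDOG_PATHS[i]) == 0)
            return 1;
    return 0;
}

int main(int argc, char **argv)
{
    printf("WDIOC_SETOPTIONS = 0x%lx\n", wdioc_setoptions());
    if (argc < 2 || strcmp(argv[1], "--really") != 0) {
        puts("dry run: pass --really to actually open the watchdog nodes");
        return 0;
    }
    for (size_t i = 0; i < N_WATCHDOG_PATHS; i++) {
        /* O_RDWR is the literal 2 seen in Mirai's open(path, 2). */
        int fd = open(WATCHDOG_PATHS[i], O_RDWR);
        if (fd < 0)
            continue;
        int rc = wd_disable_on_fd(fd);
        printf("%s: ioctl %s (%s)\n", WATCHDOG_PATHS[i],
               rc ? "failed" : "ok", rc ? strerror(errno) : "disabled");
        /* Magic close: keeps a kernel built with nowayout=0 from rebooting. */
        if (write(fd, "V", 1) < 0)
            perror("magic close");
        close(fd);
    }
    return 0;
}
```

A plain run prints the ioctl number and stops; only `--really` opens the nodes, so do that on a disposable board. For hunting, the constant 0x80045704 as an ioctl argument in an ARM or x86 Linux binary next to strings for these paths is a cheap static signal, and on a live host a watchdog node held open by anything other than the watchdog daemon is the runtime equivalent.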
Reads runtime system information (1 IoC)
Reads data from the /proc virtual filesystem.
Processes:
  description              ioc             process
  File opened for reading  /proc/self/exe  d2d08734fa697c7e03a05e8307a0435f.elf
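The first signature (the process renames itself) and this last one (it reads /proc/self/exe) are two sides of the same thing: the name a process shows in `ps` lives in the kernel's comm field and can be rewritten with prctl(PR_SET_NAME), whereas /proc/<pid>/exe is a kernel-maintained link to the executed file that userland cannot rename. This is an added example for this page, not code from the report or this sample: it renames the running process, shows that the exe link still tells the truth, and implements the comparison a defender would run across /proc. The name "kworker/1:0", the function names and the mismatch check are this example's own choices, and it runs only on Linux.

```c
// Added example for this page (not the sample's code). Linux only.
// Build: cc -Wall -o comm_vs_exe comm_vs_exe.c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>

/* task->comm holds 15 bytes plus NUL; it is what ps, top and /proc/<pid>/comm
 * display. PR_SET_NAME overwrites it for the calling thread, no privilege needed. */
int set_comm(const char *name)
{
    return prctl(PR_SET_NAME, (unsigned long)name, 0UL, 0UL, 0UL);
}

/* Read the current comm into a 16-byte buffer. */
int get_comm(char out[16])
{
    memset(out, 0, 16);
    return prctl(PR_GET_NAME, (unsigned long)out, 0UL, 0UL, 0UL);
}

/* /proc/self/exe, the path this sample is reported to read. It is a kernel
 * symlink to the executed file and is not affected by PR_SET_NAME. */
ssize_t real_exe_path(char *out, size_t outlen)
{
    ssize_t n = readlink("/proc/self/exe", out, outlen - 1);
    if (n < 0)
        return n;
    out[n] = '\0';
    return n;
}

static const char *path_basename(const char *p)
{
    const char *s = strrchr(p, '/');
    return s ? s + 1 : p;
}

/* Defender-side check: 1 if the displayed name disagrees with the executable's
 * basename, 0 if they agree. Only 15 bytes are compared because the kernel
 * truncates comm to that length. */
int comm_mismatch(const char *comm, const char *exe_path)
{
    return strncmp(comm, path_basename(exe_path), 15) != 0;
}

int main(void)
{
    char comm[16], exe[4096];
    get_comm(comm);
    real_exe_path(exe, sizeof exe);
    printf("before: comm=%-15s exe=%s mismatch=%d\n", comm, exe, comm_mismatch(comm, exe));

    set_comm("kworker/1:0");   /* a name chosen to blend in with kernel threads */
    get_comm(comm);
    printf("after:  comm=%-15s exe=%s mismatch=%d\n", comm, exe, comm_mismatch(comm, exe));

    printf("pid %d: compare `cat /proc/%d/comm` with `readlink /proc/%d/exe`\n",
           getpid(), getpid(), getpid());
    sleep(20);   /* leave time to inspect the process from another shell */
    return 0;
}
```

While it sleeps, `cat /proc/$PID/comm` shows the fake kernel-thread name and `readlink /proc/$PID/exe` still shows the binary; a hunt keyed on process names alone misses the first and catches nothing. Walking every /proc/<pid> with the same comparison, and flagging entries whose comm looks like a kernel thread but whose exe link resolves into /tmp or another writable directory, is the practical form of the check.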
Downloads
memory/359-1-0x00008000-0x000283d0-memory.dmp