Analysis
max time kernel: 151s
max time network: 150s
platform: linux_armhf
resource: debian9-armhf-en-20211208
resource tags: arch:armhf, image:debian9-armhf-en-20211208, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 01-06-2023 17:06
General
Target: 3940ad85e92bba493621b2bf80622d58.elf
Size: 45KB
MD5: 3940ad85e92bba493621b2bf80622d58
SHA1: 1861ba1682bb29284361ff5784aacdc7dc23f4fa
SHA256: e288e0300b62d77fef5a4d81c0e6758f0336ca9c4c90f5c4d29cec78fab0c984
SHA512: 5f1e29a3501e152cd780571a2dced25b4f557cf6baf1e9c98053ff7e4b524196e66e89cb12e4679c6a1c04a22cf41ca56aec1333a466e5bdc68898ad04f2e1e8
SSDEEP: 768:g/TYCoIxdEk+AxoTZAZHFeq8b3H9q3UELbUXfi6nVMQHI4vcGpvj:gECFd+A6YHAxWLRQZj
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
Processes:
description | ioc
File opened for modification | /dev/watchdog
File opened for modification | /dev/misc/watchdog

Writes file to system bin folder (1 TTPs, 2 IoCs)
Processes:
description | ioc
File opened for modification | /bin/watchdog
File opened for modification | /sbin/watchdog

Reads runtime system information (1 IoCs)
Reads data from the /proc virtual filesystem.
Processes:
description | ioc | process
File opened for reading | /proc/self/exe | 3940ad85e92bba493621b2bf80622d58.elf