Analysis

  • max time kernel
    151s
  • max time network
    150s
  • platform
    linux_armhf
  • resource
    debian9-armhf-en-20211208
  • resource tags

    arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    01-06-2023 17:06

General

  • Target

    3940ad85e92bba493621b2bf80622d58.elf

  • Size

    45KB

  • MD5

    3940ad85e92bba493621b2bf80622d58

  • SHA1

    1861ba1682bb29284361ff5784aacdc7dc23f4fa

  • SHA256

    e288e0300b62d77fef5a4d81c0e6758f0336ca9c4c90f5c4d29cec78fab0c984

  • SHA512

    5f1e29a3501e152cd780571a2dced25b4f557cf6baf1e9c98053ff7e4b524196e66e89cb12e4679c6a1c04a22cf41ca56aec1333a466e5bdc68898ad04f2e1e8

  • SSDEEP

    768:g/TYCoIxdEk+AxoTZAZHFeq8b3H9q3UELbUXfi6nVMQHI4vcGpvj:gECFd+A6YHAxWLRQZj

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/3940ad85e92bba493621b2bf80622d58.elf
    /tmp/3940ad85e92bba493621b2bf80622d58.elf
    1⤵
    • Reads runtime system information
    PID:355

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/355-1-0x00008000-0x00026464-memory.dmp