40eb9bdda58dfad7ec4d03983e2ed83ab02cc881b3bc0f14e226fbe89f8ad17c

Analysis

max time kernel
150s
max time network
144s
platform
debian-9_mipsel
resource
debian9-mipsel-20221125-en
resource tags

arch:mipselimage:debian9-mipsel-20221125-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
03-06-2023 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

329-1-0x00400000-0x00452a58-memory.dmp
Size

73KB
MD5

9dfe0337c82e90bfc13a8ae2612ee57b
SHA1

dfab1112b7872557d5cc5c36e0fdef6c7feede8a
SHA256

40eb9bdda58dfad7ec4d03983e2ed83ab02cc881b3bc0f14e226fbe89f8ad17c
SHA512

ee8ebb9352202cc4205eec8e7e0e0a9af635029c7e07f3aea41898d7ff4490ce041f4a276034ee0c41bc790925273fe19222630a2e57d2de907de2d5b3dde174
SSDEEP

1536:oJPEBmW5iNWqcGTkwnXHZ84OqdZerEStEP:oJPEB8NWq9hqqd02

Score

7^/10

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc
File opened for modification	/dev/watchdog
File opened for modification	/dev/misc/watchdog

Writes file to system bin folder 1 TTPs 2 IoCs

Hijack Execution Flow

T1574

description	ioc
File opened for modification	/bin/watchdog
File opened for modification	/sbin/watchdog

/tmp/329-1-0x00400000-0x00452a58-memory.dmp
/tmp/329-1-0x00400000-0x00452a58-memory.dmp
1⤵
PID:327

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads