Analysis
- max time kernel: 150s
- max time network: 151s
- platform: debian-9_armhf
- resource: debian9-armhf-20221125-en
- resource tags: arch:armhf, image:debian9-armhf-20221125-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
- submitted: 05-06-2023 10:51
General
- Target: e288e0300b62d77fef5a4d81c0e6758f0336ca9c4c90f5c4d29cec78fab0c984.elf
- Size: 45KB
- MD5: 3940ad85e92bba493621b2bf80622d58
- SHA1: 1861ba1682bb29284361ff5784aacdc7dc23f4fa
- SHA256: e288e0300b62d77fef5a4d81c0e6758f0336ca9c4c90f5c4d29cec78fab0c984
- SHA512: 5f1e29a3501e152cd780571a2dced25b4f557cf6baf1e9c98053ff7e4b524196e66e89cb12e4679c6a1c04a22cf41ca56aec1333a466e5bdc68898ad04f2e1e8
- SSDEEP: 768:g/TYCoIxdEk+AxoTZAZHFeq8b3H9q3UELbUXfi6nVMQHI4vcGpvj:gECFd+A6YHAxWLRQZj
Malware Config
Extracted
- Family: mirai
- Botnet: LZRD
Signatures
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
- File opened for modification: /dev/watchdog
- File opened for modification: /dev/misc/watchdog
- Writes file to system bin folder (1 TTPs, 2 IoCs)
Processes:
- File opened for modification: /sbin/watchdog
- File opened for modification: /bin/watchdog
- Reads runtime system information (22 IoCs)
Reads data from /proc virtual filesystem.
Processes:
Process: e288e0300b62d77fef5a4d81c0e6758f0336ca9c4c90f5c4d29cec78fab0c984.elf
- File opened for reading: /proc/495/cmdline
- File opened for reading: /proc/self/exe
- File opened for reading: /proc/403/cmdline
- File opened for reading: /proc/483/cmdline
- File opened for reading: /proc/463/cmdline
- File opened for reading: /proc/472/cmdline
- File opened for reading: /proc/482/cmdline
- File opened for reading: /proc/401/cmdline
- File opened for reading: /proc/425/cmdline
- File opened for reading: /proc/438/cmdline
- File opened for reading: /proc/468/cmdline
- File opened for reading: /proc/417/cmdline
- File opened for reading: /proc/450/cmdline
- File opened for reading: /proc/454/cmdline
- File opened for reading: /proc/437/cmdline
- File opened for reading: /proc/449/cmdline
- File opened for reading: /proc/462/cmdline
- File opened for reading: /proc/494/cmdline
- File opened for reading: /proc/498/cmdline
- File opened for reading: /proc/402/cmdline
- File opened for reading: /proc/418/cmdline
- File opened for reading: /proc/426/cmdline
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
- memory/358-1-0x00008000-0x00026464-memory.dmp