Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhf, image:debian9-armhf-20221111-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    03/07/2023, 03:16

General

  • Target

    367-1-0x00008000-0x00026464-memory.dmp

  • Size

    76KB

  • MD5

    af24ed09fa56da72a4de65e7ffecf42e

  • SHA1

    305c37063960583dfb134ce587be52c24667f214

  • SHA256

    fb3c624ed5181793a58def864fb0fa739be972cab9ee2049dd515ea39b1d7700

  • SHA512

    f0d1a4a0a8b8500e4f2d166218c90fca9bd60cd27340b029117810f1b5507d2f475e4d5f3b71a9869bc80999a5f03c8b874bf8e512dd0a4fa967b7fbb87b7e7b

  • SSDEEP

    1536:TJnF9sFw8gu6+wyKaw1KpIPrbvr/6Ra1styKtI8ll5BihwlTQP+8oe:RowpuQyNSG2eRa1styK9flTQPHo

Score
7/10

Malware Config

Signatures

  • Modifies Watchdog functionality (1 TTPs, 2 IoCs)

    Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

  • Writes file to system bin folder (1 TTPs, 2 IoCs)
  • Reads runtime system information (4 IoCs)

    Reads data from the /proc virtual filesystem.

Processes

  • /tmp/367-1-0x00008000-0x00026464-memory.dmp
      PID:368
