4a38ffd4b6debc4e32df8b7e7f2e613e3aa5d78905d9190c1652ab24582264ca

Analysis

max time kernel
150s
max time network
152s
platform
debian-9_mipsel
resource
debian9-mipsel-20230831-en
resource tags

arch:mipselimage:debian9-mipsel-20230831-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
22/09/2023, 06:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

332-1-0x00400000-0x00452a58-memory.dmp
Size

73KB
MD5

d01898bc57832e8213f87a68aa5ef2b1
SHA1

ac5122443807a19be95ffe0f7b14bdd085a915d3
SHA256

4a38ffd4b6debc4e32df8b7e7f2e613e3aa5d78905d9190c1652ab24582264ca
SHA512

8fc689fa15d6861cd1761d8eacaf8ecc42b5734ef137ad8d19ab99f78f6fa4a243e858ccb425c4ab2b88fc58fac6c76bcf1d3d9a2d77506ca9b8744a438ac0ae
SSDEEP

1536:oJPEBmW5iNWqcGTkwnXHZ84OqdZerESteP:oJPEB8NWq9hqqd0I

Score

7^/10

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc
File opened for modification	/dev/watchdog
File opened for modification	/dev/misc/watchdog

Writes file to system bin folder 1 TTPs 2 IoCs

Hijack Execution Flow

T1574

description	ioc
File opened for modification	/sbin/watchdog
File opened for modification	/bin/watchdog

/tmp/332-1-0x00400000-0x00452a58-memory.dmp
/tmp/332-1-0x00400000-0x00452a58-memory.dmp
1⤵
PID:336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads