Analysis
max time kernel: 150s
max time network: 148s
platform: debian-9_mips
resource: debian9-mipsbe-20231215-en
resource tags: arch:mips, image:debian9-mipsbe-20231215-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 20/12/2023, 00:58
Static task: static1
General
Target: 76f0f3db59a07b7b09f5768c670e7178
Size: 35KB
MD5: 76f0f3db59a07b7b09f5768c670e7178
SHA1: f04c5e739b06db25c200c363f70646e568184a6f
SHA256: 32c709d94cbcc65c9e736d586c0152b40ac04cf8e940f8809306c37028fa2547
SHA512: 73cb6a582ec61e00c7564dd01befe59e951aa057f7f77f1dc91fbeb584b5fb20628bc351d0089ec0e4e74abe0aab25271dd7f07e8ccae5591a5e44724c4f4d50
SSDEEP: 768:XUA/wCX5L+JdKEFHKCPUSgIPPMMqEzvW0jruejyznvCvoOD3pfJgGlzDp6YsY:DICpL+zHFH5USgbjI+ErdQCvh3nVYYL
Malware Config
Extracted
Family: mirai
Botnet: ITSU
Signatures
Changes its process name 1 IoCs
description: Changes the process name, possibly in an attempt to hide itself
ioc: 4
pid: 703
Process: 76f0f3db59a07b7b09f5768c670e7178
Deletes itself 1 IoCs
pid: 703
Process: 76f0f3db59a07b7b09f5768c670e7178
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description: File opened for modification; ioc: /dev/watchdog
description: File opened for modification; ioc: /dev/misc/watchdog
Enumerates running processes
Discovers information about currently running processes on the system
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.