880a57b45cb30cebd23b796fde0dd57259f5988c540dca1e196be0f6776a6db2

Analysis

max time kernel
153s
max time network
154s
platform
debian-9_armhf
resource
debian9-armhf-20231215-en
resource tags

arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
03-01-2024 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

880a57b45cb30cebd23b796fde0dd57259f5988c540dca1e196be0f6776a6db2.elf
Size

14KB
MD5

041d46e37a3b659aea9935b77f044f9f
SHA1

269a05b698c0ef34158f913725cb3f03270d203a
SHA256

880a57b45cb30cebd23b796fde0dd57259f5988c540dca1e196be0f6776a6db2
SHA512

cd02d1e34748d3ac2b3e66e58b652f1edf2e245bf686f09f5ce5f03fda77e283eaec27b44bf59ab65f9c4cf41a3d0bd764168bc3914868de3a69ca7dfa70fc56
SSDEEP

384:bc/558iMFt/z8F69w1b58gJpSfPLF1JcIuVrBsoQqcdVHX8:bc/D87/z8Fuw1bCgqfPLF1Jhu1Bs5dVM

Score

7^/10

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	880a57b45cb30cebd23b796fde0dd57259f5988c540dca1e196be0f6776a6db2.elf
File opened for modification	/dev/misc/watchdog	880a57b45cb30cebd23b796fde0dd57259f5988c540dca1e196be0f6776a6db2.elf

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/exe	880a57b45cb30cebd23b796fde0dd57259f5988c540dca1e196be0f6776a6db2.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/.1	880a57b45cb30cebd23b796fde0dd57259f5988c540dca1e196be0f6776a6db2.elf

/tmp/880a57b45cb30cebd23b796fde0dd57259f5988c540dca1e196be0f6776a6db2.elf
/tmp/880a57b45cb30cebd23b796fde0dd57259f5988c540dca1e196be0f6776a6db2.elf
1⤵
- Modifies Watchdog functionality
- Reads runtime system information
- Writes file to tmp directory
PID:679

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/.1

Filesize
3B

MD5
ca9c267dad0305d1a6308d2a0cf1c39c

SHA1
eac6819d6e578da7ba6eed2a8df7ca3d425246c8

SHA256
34e2ad7b31cd9ee87c038c10fd6fbe310314ba67abb73a686f0d1087267d7a1d

SHA512
c39eff6fd21b45de7bae9c3ce8cfc1905c8565205b860ba13b7fa49d023a5efa3f8ede20ababb1f001840db16da31f542a500b12329cdb4e9c84ae11cb51aed6

Download Submit
memory/679-1-0x00008000-0x00016af8-memory.dmp

Download