Analysis
max time kernel: 150s
max time network: 7s
platform: debian-9_armhf
resource: debian9-armhf-20231222-en
resource tags: arch:armhf image:debian9-armhf-20231222-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted: 17-02-2024 01:00
General
Target: 4e45bee072d2274f8d632dabc0a27b34.bin
Size: 45KB
MD5: 4e45bee072d2274f8d632dabc0a27b34
SHA1: ac665f787c8450d2f1caae8bf337189bbf461397
SHA256: 9b31a37117f12f346fd931875fc1dcde4d9a874a5de21ba0abe242c1ef6f6c9d
SHA512: bcf11b48622d6edb38830faf361a17ed03933ec5e0d48eeda14b86d7c358b0e14f609de15718f0644e8aaa824dcbc23914ebabd11bfcd31ae5001c98b508c5ad
SSDEEP: 768:D/TYCoIxdEk+AxoTZAZHFeq8b3B19q3UELbUXfi6nVMQHI4vcGpvt:DECFd+A6YHAxKLRQZt
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
  Processes:
    File opened for modification: /dev/watchdog
    File opened for modification: /dev/misc/watchdog
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder (1 TTPs, 2 IoCs)
  Processes:
    File opened for modification: /sbin/watchdog
    File opened for modification: /bin/watchdog
- Reads runtime system information (31 IoCs)
  Reads data from /proc virtual filesystem.
  Processes:
    Process: 4e45bee072d2274f8d632dabc0a27b34.bin
      File opened for reading: /proc/666/cmdline
      File opened for reading: /proc/776/cmdline
      File opened for reading: /proc/784/cmdline
      File opened for reading: /proc/692/cmdline
      File opened for reading: /proc/self/exe
      File opened for reading: /proc/588/cmdline
      File opened for reading: /proc/689/cmdline
      File opened for reading: /proc/579/cmdline
      File opened for reading: /proc/665/cmdline
      File opened for reading: /proc/790/cmdline
      File opened for reading: /proc/620/cmdline
      File opened for reading: /proc/778/cmdline
      File opened for reading: /proc/757/cmdline
      File opened for reading: /proc/782/cmdline
      File opened for reading: /proc/804/cmdline
      File opened for reading: /proc/577/cmdline
      File opened for reading: /proc/659/cmdline
      File opened for reading: /proc/730/cmdline
      File opened for reading: /proc/788/cmdline
      File opened for reading: /proc/792/cmdline
      File opened for reading: /proc/575/cmdline
      File opened for reading: /proc/756/cmdline
      File opened for reading: /proc/786/cmdline
      File opened for reading: /proc/800/cmdline
      File opened for reading: /proc/802/cmdline
      File opened for reading: /proc/663/cmdline
      File opened for reading: /proc/725/cmdline
      File opened for reading: /proc/794/cmdline
      File opened for reading: /proc/734/cmdline
      File opened for reading: /proc/796/cmdline
      File opened for reading: /proc/798/cmdline
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
  memory/685-1-0x00008000-0x00026464-memory.dmp