Analysis
max time kernel: 150s
max time network: 7s
platform: debian-9_armhf
resource: debian9-armhf-20231221-en
resource tags: arch:armhf, image:debian9-armhf-20231221-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 17-02-2024 01:01
General
Target: 62a0066e23f543f53dfb8aa3725b112f.bin
Size: 21KB
MD5: 62a0066e23f543f53dfb8aa3725b112f
SHA1: a58b797299b788240e281c39fc707b27bef10498
SHA256: 3fccfe398a769633e393cb824c0c54c2143033140c3616137e35be4889b2b8af
SHA512: ca44d618ccc4c711571ef33161098da830bf0f17c1385400a0dcc85f1f62eef803ad28294955dea009f70b6a7cd9b791bf92abb192d7fb56097d88f9a151e4d6
SSDEEP: 384:TvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjEwhymdGUop5h4:TvQn4j+ZO5fKAlxQws3Uoz2
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai opens the watchdog device and disables it so that the watchdog cannot reboot an infected system (a reboot would clear a memory-resident bot).
Processes:
  description                   ioc
  File opened for modification  /dev/watchdog
  File opened for modification  /dev/misc/watchdog

Enumerates running processes
Discovers information about currently running processes on the system.

Writes file to system bin folder (1 TTP, 2 IoCs)
Processes:
  description                   ioc
  File opened for modification  /bin/watchdog
  File opened for modification  /sbin/watchdog
Both paths are the userland watchdog daemon binaries, opened for writing alongside the device nodes above; the signature therefore most likely reflects the same watchdog-tampering routine rather than a dropped file. The report records only that the paths were opened for modification, not that anything was written.

Reads runtime system information (31 IoCs)
Reads data from the /proc virtual filesystem. The sample reads /proc/<pid>/cmdline for every process it can see (PIDs 573 to 777 in this run) plus /proc/self/exe, which is the process-table walk behind the "Enumerates running processes" signature.
Processes:
  process                               description              ioc
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/708/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/747/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/752/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/761/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/767/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/690/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/704/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/575/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/594/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/668/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/773/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/573/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/578/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/634/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/664/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/757/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/self/exe
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/746/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/750/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/759/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/763/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/771/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/775/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/577/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/639/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/726/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/765/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/640/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/641/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/769/cmdline
  62a0066e23f543f53dfb8aa3725b112f.bin  File opened for reading  /proc/777/cmdline
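The three file-activity signatures above arrive as one flattened IoC column per signature. The following Python is an added example, not part of this report or of any sandbox vendor's code: it parses that column back into (action, path) events, matches them against rules reconstructed from the signature descriptions, recovers the list of PIDs whose cmdline the sample walked, and turns every path opened for modification into an auditd file-watch rule for a real host. The input string is copied from the report; the rule boundaries (which directories count as "system bin", the `/dev/watchdogN` pattern) and the auditd key name `mirai_watchdog` are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed input, copied from the report's ioc columns: the flattened
# "<action> <path> <action> <path> ..." form the extraction produces,
# including the sample name it drops into the middle of the /proc run.
SAMPLE = "62a0066e23f543f53dfb8aa3725b112f.bin"
FLAT_IOCS = (
    "File opened for modification /dev/watchdog "
    "File opened for modification /dev/misc/watchdog "
    "File opened for modification /bin/watchdog "
    "File opened for modification /sbin/watchdog "
    f"{SAMPLE} description ioc "
    "File opened for reading /proc/708/cmdline File opened for reading /proc/747/cmdline "
    "File opened for reading /proc/752/cmdline File opened for reading /proc/761/cmdline "
    "File opened for reading /proc/767/cmdline File opened for reading /proc/690/cmdline "
    "File opened for reading /proc/704/cmdline File opened for reading /proc/575/cmdline "
    "File opened for reading /proc/594/cmdline File opened for reading /proc/668/cmdline "
    "File opened for reading /proc/773/cmdline File opened for reading /proc/573/cmdline "
    "File opened for reading /proc/578/cmdline File opened for reading /proc/634/cmdline "
    "File opened for reading /proc/664/cmdline File opened for reading /proc/757/cmdline "
    f"File opened for reading /proc/self/exe {SAMPLE} "
    "File opened for reading /proc/746/cmdline File opened for reading /proc/750/cmdline "
    "File opened for reading /proc/759/cmdline File opened for reading /proc/763/cmdline "
    "File opened for reading /proc/771/cmdline File opened for reading /proc/775/cmdline "
    "File opened for reading /proc/577/cmdline File opened for reading /proc/639/cmdline "
    "File opened for reading /proc/726/cmdline File opened for reading /proc/765/cmdline "
    "File opened for reading /proc/640/cmdline File opened for reading /proc/641/cmdline "
    "File opened for reading /proc/769/cmdline File opened for reading /proc/777/cmdline"
)

EVENT_RE = re.compile(r"File opened for (reading|modification) (\S+)")
PROC_PID_RE = re.compile(r"^/proc/(\d+)/")

# Rules reconstructed from the three signature descriptions (assumed boundaries).
WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/misc/watchdog"}
WATCHDOG_DEV_RE = re.compile(r"^/dev/watchdog\d*$")
SYSTEM_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")


def parse_flat_iocs(text):
    """Split a flattened ioc column into (action, path) tuples. Tokens that are
    not "File opened for <action> <path>" (process names, column headers) are
    skipped, so the stray sample name in the middle of the run is harmless."""
    return [(m.group(1), m.group(2)) for m in EVENT_RE.finditer(text)]


def classify(events):
    """Map each event to the report signature it supports."""
    hits = defaultdict(list)
    for action, path in events:
        if path in WATCHDOG_DEVICES or WATCHDOG_DEV_RE.match(path):
            hits["modifies_watchdog"].append(path)
        elif action == "modification" and path.startswith(SYSTEM_BIN_DIRS):
            hits["writes_system_bin"].append(path)
        elif path.startswith("/proc/"):
            hits["reads_proc"].append(path)
        else:
            hits["other"].append(path)
    return dict(hits)


def scanned_pids(events):
    """PIDs whose /proc/<pid>/... the sample read: the process-table walk."""
    pids = set()
    for _, path in events:
        m = PROC_PID_RE.match(path)
        if m:
            pids.add(int(m.group(1)))
    return sorted(pids)


def auditd_rules(events, key="mirai_watchdog"):
    """One auditd file-watch rule (-w <path> -p wa -k <key>) per distinct path
    the sample opened for modification, so the same tampering on a real host
    produces an audit record. The key name is an assumption."""
    paths = sorted({p for a, p in events if a == "modification"})
    return [f"-w {p} -p wa -k {key}" for p in paths]


if __name__ == "__main__":
    evs = parse_flat_iocs(FLAT_IOCS)
    for name, paths in classify(evs).items():
        print(f"{name}: {len(paths)} IoC(s)")
    print("PIDs walked:", scanned_pids(evs))
    print("\n".join(auditd_rules(evs)))
```

Run against the report's own IoCs the classifier reproduces the three counts shown above (2, 2 and 31) and recovers 30 distinct PIDs between 573 and 777; the auditd rules it emits go in a file under /etc/audit/rules.d/ and are loaded with augenrules.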
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
memory/660-1-0x00008000-0x0001dca4-memory.dmp