Analysis
max time kernel: 149s
max time network: 131s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20240221-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240221-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 22-02-2024 09:03
General
Target: d68f7cb2f138a9922a05c55d8f3ca6b8.elf
Size: 20KB
MD5: d68f7cb2f138a9922a05c55d8f3ca6b8
SHA1: 26be32b6c5e4dc976867e81291f6a217e25e8436
SHA256: 3a1cce2d9626706f03e6523c0c6763defd4e25d0bd159ffb9b3636767adfd72f
SHA512: c7ac813fc780988404d03cc24fe2ec6fd3f4259fdc2e3cb99b4e6e58e3836ed3774fb2f881c33faa2b04abdabc1a425de543011e77c449dcb0ff0cc0e2620d10
SSDEEP: 384:MgWLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oTM:O98o08kxofBE+ZkXaITbp2F2TWul0c5g
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
Processes:
description                   | ioc
File opened for modification  | /dev/watchdog
File opened for modification  | /dev/misc/watchdog

Enumerates running processes
Discovers information about currently running processes on the system.

Writes file to system bin folder (1 TTPs, 2 IoCs)
Processes:
description                   | ioc
File opened for modification  | /sbin/watchdog
File opened for modification  | /bin/watchdog

Reads runtime system information (64 IoCs)
Reads data from the /proc virtual filesystem (the sample opened the /proc/<pid>/cmdline entry of every running process for reading).
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
memory/1478-1-0x0000000008048000-0x00000000080547a0-memory.dmp