Analysis

max time kernel: 149s
max time network: 9s
platform: debian-9_armhf
resource: debian9-armhf-20240221-en
resource tags: arch:armhf, image:debian9-armhf-20240221-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 23-02-2024 05:28
General

Target: a71be073ca2fd00cdfa663ba76fd6fa46770b53ebe1368992758120d7be4b4fd.elf
Size: 21KB
MD5: 915eca335c37b2b8264426b8c39f0278
SHA1: 3bfe78cd4c2c732cb66b6a4bcd782463f02b5a8c
SHA256: a71be073ca2fd00cdfa663ba76fd6fa46770b53ebe1368992758120d7be4b4fd
SHA512: ba462558a06f370b6381c6d055b59a85622462f3bb2c97ea3688bbc5992cd87cf66c1d8b10b7604878712861eaa5557e6305acd679493e547fa8df9c6a56356b
SSDEEP: 384:vvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjChymdGUop5hP:vvQn4j+ZO5fKAlx2s3Uozp
Malware Config

Extracted
Family: mirai
Botnet: LZRD
Signatures

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
- File opened for modification: /dev/watchdog
- File opened for modification: /dev/misc/watchdog

Enumerates running processes
Discovers information about currently running processes on the system.

Writes file to system bin folder (1 TTPs, 2 IoCs)
Processes:
- File opened for modification: /sbin/watchdog
- File opened for modification: /bin/watchdog
Reads runtime system information (42 IoCs)
Reads data from /proc virtual filesystem.
Process: a71be073ca2fd00cdfa663ba76fd6fa46770b53ebe1368992758120d7be4b4fd.elf
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

memory/664-1-0x00008000-0x0001dca4-memory.dmp