Analysis
max time kernel: 149s
max time network: 8s
platform: debian-12_mipsel
resource: debian12-mipsel-20240221-en
resource tags: arch:mipsel, image:debian12-mipsel-20240221-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
submitted: 23-02-2024 05:33

General
Target: 13ef3819a8adb6cb90da5cd0aa1264b7.elf
Size: 24KB
MD5: 13ef3819a8adb6cb90da5cd0aa1264b7
SHA1: f97c4590a8643079fd3d661251bce547f6b93546
SHA256: 9f79e9bff2779e181e7fe43b1e98d183cebe2e9e70a886071795130d0d6b5c71
SHA512: 21ff345aed2eb4387e05f9ca2ac2a0dd5d0f6be732aaa578e22cbcd26f7e4b04355df11cbd1ff1ead26e2cf142fcf03567b8e40b66f59ec2bfdb02268b23b7ea
SSDEEP: 768:c4rQlS07dEv0UXqUhvQE+CXQKMQKCXBpVa1Zq8WvZb:BQlS07FUXqIYSXQKqukLq/

Malware Config
Extracted
Family: mirai
Botnet: LZRD

Signatures

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
File opened for modification: /dev/watchdog
File opened for modification: /dev/misc/watchdog

Writes file to system bin folder (1 TTPs, 2 IoCs)
Processes:
File opened for modification: /sbin/watchdog
File opened for modification: /bin/watchdog

Reads runtime system information (15 IoCs)
Reads data from /proc virtual filesystem.
Processes:
File opened for reading: /proc/697/cmdline
File opened for reading: /proc/715/cmdline
File opened for reading: /proc/436/cmdline
File opened for reading: /proc/695/cmdline
File opened for reading: /proc/710/cmdline
File opened for reading: /proc/714/cmdline
File opened for reading: /proc/679/cmdline
File opened for reading: /proc/733/cmdline
File opened for reading: /proc/716/cmdline
File opened for reading: /proc/726/cmdline
File opened for reading: /proc/401/cmdline
File opened for reading: /proc/410/cmdline
File opened for reading: /proc/411/cmdline
File opened for reading: /proc/667/cmdline
File opened for reading: /proc/680/cmdline

MITRE ATT&CK Matrix ATT&CK v13
Downloads
memory/722-1-0x00400000-0x00452a58-memory.dmp