Analysis
max time kernel: 150s
max time network: 3s
platform: debian-9_mips
resource: debian9-mipsbe-20240226-en
resource tags: arch:mips, image:debian9-mipsbe-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 12-03-2024 04:39
General
Target: 065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c.elf
Size: 23KB
MD5: f150541f0b605488f47cca50fc0ccf39
SHA1: 5c62ab5ab0abdd9314ff64dbf8ac65d0fb83effa
SHA256: 065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c
SHA512: 27cda69221ca4c5b061f3c16392f19c872904c560c960c4b6ee9dc442926ec75310d01920f2c45d4e1bd4a0676e325342c66063611f363b36fc19f2ae4acf325
SSDEEP: 384:NeD8ZSH2LLZUYyGZbsOiTrowSXH7+JWJryngV9M5Us+X/l9W+gmdLJgGlzDpH7uE:NeD8ZSWvZHZbs1rowOH7+4rzV++vlMit
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
Processes:
- File opened for modification: /dev/watchdog
- File opened for modification: /dev/misc/watchdog

Writes file to system bin folder (1 TTPs, 2 IoCs)
Processes:
- File opened for modification: /sbin/watchdog
- File opened for modification: /bin/watchdog

Reads runtime system information (25 IoCs)
Reads data from the /proc virtual filesystem.
Processes:
- File opened for reading: /proc/526/cmdline
- File opened for reading: /proc/560/cmdline
- File opened for reading: /proc/688/cmdline
- File opened for reading: /proc/707/cmdline
- File opened for reading: /proc/715/cmdline
- File opened for reading: /proc/774/cmdline
- File opened for reading: /proc/740/cmdline
- File opened for reading: /proc/770/cmdline
- File opened for reading: /proc/775/cmdline
- File opened for reading: /proc/561/cmdline
- File opened for reading: /proc/702/cmdline
- File opened for reading: /proc/712/cmdline
- File opened for reading: /proc/782/cmdline
- File opened for reading: /proc/790/cmdline
- File opened for reading: /proc/703/cmdline
- File opened for reading: /proc/705/cmdline
- File opened for reading: /proc/757/cmdline
- File opened for reading: /proc/808/cmdline
- File opened for reading: /proc/708/cmdline
- File opened for reading: /proc/718/cmdline
- File opened for reading: /proc/737/cmdline
- File opened for reading: /proc/407/cmdline
- File opened for reading: /proc/512/cmdline
- File opened for reading: /proc/765/cmdline
- File opened for reading: /proc/791/cmdline