Analysis
max time kernel
149s
max time network
6s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags
arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted
25-03-2024 09:37
General
Target
8c31c17fc49e1980133565ca3f73bae6.elf
Size
21KB
MD5
8c31c17fc49e1980133565ca3f73bae6
SHA1
ca80fdea40a75f6d91a31f62eaa2734dc11bc8ed
SHA256
66f69eb0e036c62e16695826f77b35f46cd21ef6147398c6fed885130ef2fbd7
SHA512
ab72e309da53c89bb24d05474ca1a3f3f13d9146f47af5e46bb9e9a5a25c8024941f2b027e8ba3cb2411d72c683a417526d649ed4f83275ca50882a8f9384188
SSDEEP
384:vvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjJLhymdGUop5hi:vvQn4j+ZO5fKAlx9s3Uozk
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware such as Mirai disables the hardware watchdog so that a device that has stopped servicing it is not rebooted, since a reboot would clear the memory-resident bot. The public Mirai source does this by opening /dev/watchdog (falling back to /dev/misc/watchdog) read-write and issuing the WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD; the two "opened for modification" events below are the visible side of that call. A practical consequence is that watchdog-driven recovery cannot be relied on once a device is infected.
Processes:
description: File opened for modification, ioc: /dev/watchdog
description: File opened for modification, ioc: /dev/misc/watchdog
Enumerates running processes
Discovers information about the processes currently running on the system. The evidence is the series of /proc/<pid>/cmdline reads listed under "Reads runtime system information" below: the sample walks /proc and inspects each process's command line, which is how Mirai-style bots find competing processes to terminate.
-
Writes file to system bin folder (1 TTP, 2 IoCs)
Both paths are where BusyBox-based firmware installs the userland watchdog daemon; opening them for modification fits the same goal as the /dev/watchdog tampering above, that is, making sure nothing on the device can trigger a reboot.
Processes:
description: File opened for modification, ioc: /sbin/watchdog
description: File opened for modification, ioc: /bin/watchdog
Reads runtime system information (33 IoCs)
Reads data from the /proc virtual filesystem.
Processes: 8c31c17fc49e1980133565ca3f73bae6.elf
description: File opened for reading, ioc: /proc/750/cmdline
description: File opened for reading, ioc: /proc/590/cmdline
description: File opened for reading, ioc: /proc/597/cmdline
description: File opened for reading, ioc: /proc/640/cmdline
description: File opened for reading, ioc: /proc/751/cmdline
description: File opened for reading, ioc: /proc/595/cmdline
description: File opened for reading, ioc: /proc/641/cmdline
description: File opened for reading, ioc: /proc/683/cmdline
description: File opened for reading, ioc: /proc/704/cmdline
description: File opened for reading, ioc: /proc/716/cmdline
description: File opened for reading, ioc: /proc/764/cmdline
description: File opened for reading, ioc: /proc/772/cmdline
description: File opened for reading, ioc: /proc/self/exe
description: File opened for reading, ioc: /proc/645/cmdline
description: File opened for reading, ioc: /proc/776/cmdline
description: File opened for reading, ioc: /proc/577/cmdline
description: File opened for reading, ioc: /proc/598/cmdline
description: File opened for reading, ioc: /proc/638/cmdline
description: File opened for reading, ioc: /proc/770/cmdline
description: File opened for reading, ioc: /proc/774/cmdline
description: File opened for reading, ioc: /proc/768/cmdline
description: File opened for reading, ioc: /proc/635/cmdline
description: File opened for reading, ioc: /proc/708/cmdline
description: File opened for reading, ioc: /proc/736/cmdline
description: File opened for reading, ioc: /proc/753/cmdline
description: File opened for reading, ioc: /proc/758/cmdline
description: File opened for reading, ioc: /proc/760/cmdline
description: File opened for reading, ioc: /proc/762/cmdline
description: File opened for reading, ioc: /proc/773/cmdline
description: File opened for reading, ioc: /proc/650/cmdline
description: File opened for reading, ioc: /proc/737/cmdline
description: File opened for reading, ioc: /proc/766/cmdline
description: File opened for reading, ioc: /proc/778/cmdline
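The signature badges above (2 IoCs for the watchdog, 2 for the bin writes, 33 /proc reads) are just counts over the flat file-access IoC list. The script below is an added example, not part of the report and not the sandbox's own rule set: it re-derives those counts from the IoC paths listed in this report, collapses the per-PID /proc reads into one pattern so the 33 lines read as a single behaviour, and applies a simple triage heuristic. The regexes are my own approximation of what the sandbox matches and are an assumption.

```python
"""Turn the flat file-access IoCs of a sandbox report into behaviour signatures.

The (action, path) pairs are the ones listed in the report above. The RULES are
an assumption: my approximation of the sandbox's signature logic, not its ruleset.
"""
import re
from collections import defaultdict

# (action, path) pairs copied from the report's signature tables.
IOCS = [
    ("modification", "/dev/watchdog"),
    ("modification", "/dev/misc/watchdog"),
    ("modification", "/sbin/watchdog"),
    ("modification", "/bin/watchdog"),
    ("reading", "/proc/self/exe"),
]
# PIDs whose /proc/<pid>/cmdline the sample read, in report order.
_CMDLINE_PIDS = [750, 590, 597, 640, 751, 595, 641, 683, 704, 716, 764, 772, 645, 776,
                 577, 598, 638, 770, 774, 768, 635, 708, 736, 753, 758, 760, 762, 773,
                 650, 737, 766, 778]
IOCS += [("reading", f"/proc/{pid}/cmdline") for pid in _CMDLINE_PIDS]

# (report signature name, required action, path pattern). One IoC may satisfy
# several rules, as every /proc/<pid>/cmdline read does here.
RULES = [
    ("Modifies Watchdog functionality", "modification", re.compile(r"^/dev/(misc/)?watchdog$")),
    ("Writes file to system bin folder", "modification", re.compile(r"^/(usr/)?s?bin/")),
    ("Enumerates running processes", "reading", re.compile(r"^/proc/\d+/(cmdline|exe|status|stat)$")),
    ("Reads runtime system information", "reading", re.compile(r"^/proc/")),
]


def normalise_pid(path: str) -> str:
    """Collapse the PID component so repeated per-process reads fold into one pattern."""
    return re.sub(r"^/proc/\d+/", "/proc/<pid>/", path)


def classify(iocs):
    """Map each signature name to the list of IoC paths that triggered it."""
    hits = defaultdict(list)
    for action, path in iocs:
        for name, wanted_action, pattern in RULES:
            if action == wanted_action and pattern.search(path):
                hits[name].append(path)
    return dict(hits)


def summarise(iocs):
    """Per signature: the raw IoC count (the report's 'N IoCs' badge) and the
    distinct PID-normalised paths, which is what an analyst actually reads."""
    return {
        name: {"iocs": len(paths), "patterns": sorted({normalise_pid(p) for p in paths})}
        for name, paths in classify(iocs).items()
    }


def looks_like_iot_bot(summary) -> bool:
    """Triage heuristic: watchdog tampering plus a /proc sweep is the pairing seen
    in Mirai-style bots (remove the reboot path, then hunt for rival processes)."""
    return ("Modifies Watchdog functionality" in summary
            and "Enumerates running processes" in summary)


if __name__ == "__main__":
    s = summarise(IOCS)
    for name, info in s.items():
        print(f"{name}: {info['iocs']} IoCs -> {info['patterns']}")
    print("IoT-bot-like:", looks_like_iot_bot(s))
```

Run stand-alone it prints one line per signature; the 33 "Reads runtime system information" IoCs reduce to two patterns, /proc/<pid>/cmdline and /proc/self/exe, which is the level at which the behaviour is worth comparing against other samples.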
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
memory/642-1-0x00008000-0x0001dca4-memory.dmp (memory dump of PID 642 over 0x00008000-0x0001dca4, the region where a non-PIE 32-bit ARM ELF is loaded; useful for extracting strings and the botnet configuration without unpacking the file on disk)