Analysis
max time kernel: 149s
max time network: 3s
platform: debian-9_armhf
resource: debian9-armhf-20240226-en
resource tags: arch:armhf image:debian9-armhf-20240226-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted: 08-04-2024 00:10
General
Target: e22d9e42159f5322b06a3c14681f2d1d.elf
Size: 21KB
MD5: e22d9e42159f5322b06a3c14681f2d1d
SHA1: 47798c01ef520f2e22a0462550225cbf5be0ecfb
SHA256: 721fa2fe4eb561fd2ee1a05ebd2bbc1d3ca185bbd86b655095c0265d6dbd6e67
SHA512: 23c3483eccb18608d8a1791e978e36bc3aacc125c1d9646e728553a791fdac2edd933aeeef73f532442496c4252fb7d1d2434c343446f16f06901e47736e4a49
SSDEEP: 384:TvtIoZxrSniaXs+qx+bwqPXX31+igKb49oQBB7xGjkWRHDwhymdGUop5h0:TvQn4j+Bltb4HZGjdpws3UozG
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
description | ioc
File opened for modification | /dev/watchdog
File opened for modification | /dev/misc/watchdog

Enumerates running processes
Discovers information about currently running processes on the system.

Writes file to system bin folder (1 TTPs, 2 IoCs)
Processes:
description | ioc
File opened for modification | /sbin/watchdog
File opened for modification | /bin/watchdog
Reads runtime system information (39 IoCs)
Reads data from /proc virtual filesystem.
Processes: e22d9e42159f5322b06a3c14681f2d1d.elf
description | ioc | process
File opened for reading | /proc/self/exe | e22d9e42159f5322b06a3c14681f2d1d.elf
File opened for reading | /proc/489/cmdline
File opened for reading | /proc/655/cmdline
File opened for reading | /proc/715/cmdline
File opened for reading | /proc/719/cmdline
File opened for reading | /proc/604/cmdline
File opened for reading | /proc/684/cmdline
File opened for reading | /proc/704/cmdline
File opened for reading | /proc/762/cmdline
File opened for reading | /proc/785/cmdline
File opened for reading | /proc/453/cmdline
File opened for reading | /proc/644/cmdline
File opened for reading | /proc/645/cmdline
File opened for reading | /proc/658/cmdline
File opened for reading | /proc/728/cmdline
File opened for reading | /proc/781/cmdline
File opened for reading | /proc/648/cmdline
File opened for reading | /proc/771/cmdline
File opened for reading | /proc/779/cmdline
File opened for reading | /proc/783/cmdline
File opened for reading | /proc/789/cmdline
File opened for reading | /proc/439/cmdline
File opened for reading | /proc/727/cmdline
File opened for reading | /proc/769/cmdline
File opened for reading | /proc/773/cmdline
File opened for reading | /proc/775/cmdline
File opened for reading | /proc/650/cmdline
File opened for reading | /proc/651/cmdline
File opened for reading | /proc/777/cmdline
File opened for reading | /proc/659/cmdline
File opened for reading | /proc/743/cmdline
File opened for reading | /proc/753/cmdline
File opened for reading | /proc/787/cmdline
File opened for reading | /proc/488/cmdline
File opened for reading | /proc/694/cmdline
File opened for reading | /proc/754/cmdline
File opened for reading | /proc/760/cmdline
File opened for reading | /proc/764/cmdline
File opened for reading | /proc/780/cmdline
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Downloads
memory/652-1-0x00008000-0x0001dca4-memory.dmp