Analysis
max time kernel: 149s
max time network: 1s
platform: debian-9_armhf
resource: debian9-armhf-20240226-en
resource tags: arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 08-04-2024 00:18
General
Target: 75cb748ca54a87a99bd3c1fb6fc89478.elf
Size: 45KB
MD5: 75cb748ca54a87a99bd3c1fb6fc89478
SHA1: 265183f1ef00379b78d3a04b73d7912c7c9f478a
SHA256: fd922aa1d5be2c3a6f982610dc75f26c3de6b2e6f746810f82e7bdd8c7b5d68c
SHA512: 250b7d7edf064a9d0aeef2ba01f0cb98253ad0ebed85c6e1fae14bb69011696e72a40a8d47797a61e3c813a92b0b05a581f492fd0f68d7a34788e4d457ea6064
SSDEEP: 768:g/TYCoIxdEq+vZ7ZwfP4gH4Q+829q3UELbUXfi6nVMQHI4vcGpvC:gECF9KPaP8QxLRQZC
Malware Config (extracted)
Family: mirai
Botnet: LZRD
Signatures

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
Process: 75cb748ca54a87a99bd3c1fb6fc89478.elf
  File opened for modification: /dev/watchdog
  File opened for modification: /dev/misc/watchdog

Enumerates running processes
Discovers information about currently running processes on the system.

Writes file to system bin folder (1 TTP, 2 IoCs)
Process: 75cb748ca54a87a99bd3c1fb6fc89478.elf
  File opened for modification: /sbin/watchdog
  File opened for modification: /bin/watchdog

Reads runtime system information (33 IoCs)
Reads data from the /proc virtual filesystem.
Process: 75cb748ca54a87a99bd3c1fb6fc89478.elf
  File opened for reading: /proc/636/cmdline
  File opened for reading: /proc/651/cmdline
  File opened for reading: /proc/765/cmdline
  File opened for reading: /proc/self/exe
  File opened for reading: /proc/643/cmdline
  File opened for reading: /proc/769/cmdline
  File opened for reading: /proc/771/cmdline
  File opened for reading: /proc/773/cmdline
  File opened for reading: /proc/775/cmdline
  File opened for reading: /proc/574/cmdline
  File opened for reading: /proc/594/cmdline
  File opened for reading: /proc/638/cmdline
  File opened for reading: /proc/748/cmdline
  File opened for reading: /proc/759/cmdline
  File opened for reading: /proc/751/cmdline
  File opened for reading: /proc/767/cmdline
  File opened for reading: /proc/777/cmdline
  File opened for reading: /proc/587/cmdline
  File opened for reading: /proc/592/cmdline
  File opened for reading: /proc/632/cmdline
  File opened for reading: /proc/672/cmdline
  File opened for reading: /proc/715/cmdline
  File opened for reading: /proc/757/cmdline
  File opened for reading: /proc/595/cmdline
  File opened for reading: /proc/639/cmdline
  File opened for reading: /proc/733/cmdline
  File opened for reading: /proc/734/cmdline
  File opened for reading: /proc/752/cmdline
  File opened for reading: /proc/703/cmdline
  File opened for reading: /proc/750/cmdline
  File opened for reading: /proc/763/cmdline
  File opened for reading: /proc/707/cmdline
  File opened for reading: /proc/761/cmdline
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
memory/640-1-0x00008000-0x00026464-memory.dmp