Analysis
- max time kernel: 149s
- max time network: 128s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20240226-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 08-04-2024 00:20
General
- Target: bfabbc25aec15c96e0a1c72dfa1680a5.elf
- Size: 20KB
- MD5: bfabbc25aec15c96e0a1c72dfa1680a5
- SHA1: a18a964d089b5c40ae36efe6b313dcbad5add234
- SHA256: 44f8519aa43c7f6e97c7881e47113d20918e4a0ef2a9bc4c0f36518ffa6ab9ef
- SHA512: e2cfdc6dd02b80b5a4cde1424cfdf2e12219c1d70844339ed823de30620634517a8da5da0c3dba0517ce05dbfe3f4d714ad171cbc50a8c684e4d8543c1bf5712
- SSDEEP: 384:M0DLpj8s/qPui8uZxoIA57RWQjJiEVi+Zk1admTb+502F2vwA9dWuMW21bAK1oTw:x98o08kxofBE+Zk1aITbp2F2TWul0c5k
Malware Config
Extracted
- Family: mirai
- Botnet: LZRD
Signatures

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
Processes:
- File opened for modification: /dev/watchdog
- File opened for modification: /dev/misc/watchdog
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder (1 TTPs, 2 IoCs)
Processes:
- File opened for modification: /sbin/watchdog
- File opened for modification: /bin/watchdog
Reads runtime system information (64 IoCs)
Reads data from /proc virtual filesystem.
Processes:
- File opened for reading: /proc/1114/cmdline
- File opened for reading: /proc/1276/cmdline
- File opened for reading: /proc/1554/cmdline
- File opened for reading: /proc/603/cmdline
- File opened for reading: /proc/1071/cmdline
- File opened for reading: /proc/1091/cmdline
- File opened for reading: /proc/462/cmdline
- File opened for reading: /proc/1172/cmdline
- File opened for reading: /proc/1617/cmdline
- File opened for reading: /proc/1605/cmdline
- File opened for reading: /proc/964/cmdline
- File opened for reading: /proc/970/cmdline
- File opened for reading: /proc/1024/cmdline
- File opened for reading: /proc/1076/cmdline
- File opened for reading: /proc/1447/cmdline
- File opened for reading: /proc/1296/cmdline
- File opened for reading: /proc/1346/cmdline
- File opened for reading: /proc/1587/cmdline
- File opened for reading: /proc/601/cmdline
- File opened for reading: /proc/637/cmdline
- File opened for reading: /proc/729/cmdline
- File opened for reading: /proc/1136/cmdline
- File opened for reading: /proc/548/cmdline
- File opened for reading: /proc/1124/cmdline
- File opened for reading: /proc/453/cmdline
- File opened for reading: /proc/1054/cmdline
- File opened for reading: /proc/1260/cmdline
- File opened for reading: /proc/1667/cmdline
- File opened for reading: /proc/472/cmdline
- File opened for reading: /proc/696/cmdline
- File opened for reading: /proc/963/cmdline
- File opened for reading: /proc/1095/cmdline
- File opened for reading: /proc/1144/cmdline
- File opened for reading: /proc/1184/cmdline
- File opened for reading: /proc/1307/cmdline
- File opened for reading: /proc/1576/cmdline
- File opened for reading: /proc/1649/cmdline
- File opened for reading: /proc/1673/cmdline
- File opened for reading: /proc/991/cmdline
- File opened for reading: /proc/1637/cmdline
- File opened for reading: /proc/1655/cmdline
- File opened for reading: /proc/1589/cmdline
- File opened for reading: /proc/659/cmdline
- File opened for reading: /proc/1197/cmdline
- File opened for reading: /proc/1198/cmdline
- File opened for reading: /proc/1203/cmdline
- File opened for reading: /proc/1354/cmdline
- File opened for reading: /proc/543/cmdline
- File opened for reading: /proc/1368/cmdline
- File opened for reading: /proc/454/cmdline
- File opened for reading: /proc/648/cmdline
- File opened for reading: /proc/418/cmdline
- File opened for reading: /proc/458/cmdline
- File opened for reading: /proc/563/cmdline
- File opened for reading: /proc/1132/cmdline
- File opened for reading: /proc/476/cmdline
- File opened for reading: /proc/481/cmdline
- File opened for reading: /proc/669/cmdline
- File opened for reading: /proc/1161/cmdline
- File opened for reading: /proc/1196/cmdline
- File opened for reading: /proc/1201/cmdline
- File opened for reading: /proc/1580/cmdline
- File opened for reading: /proc/455/cmdline
- File opened for reading: /proc/528/cmdline
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- memory/1584-1-0x0000000008048000-0x00000000080547a0-memory.dmp