Analysis
- max time kernel: 149s
- max time network: 9s
- platform: debian-9_armhf
- resource: debian9-armhf-20240226-en
- resource tags: arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
- submitted: 10-04-2024 09:29
General
- Target: SecuriteInfo.com.Linux.Siggen.9999.2441.5700.elf
- Size: 26KB
- MD5: 80b0a2d9c9c6b89f7306a1bd3f4bedde
- SHA1: d0b583b986b8ee11f9f197465717f318d78dc3b5
- SHA256: dab4d2935ff7d215a4b5efc8f586412eb42ef797bb5257062712456623f7e5e1
- SHA512: e1d9fff24d394b931445f84607d948068df9a3aeef8ee47684e8d166b272c340e70f87ea407378e1073ba25b2ee15f9770e08f27377eaf5ec88c41a2f3c1980d
- SSDEEP: 768:mBPEeJMM4olieRV+X8YsXcc5+0UobMs3UozhSq:sMM4olieH+B6UobJzhSq
Malware Config (Extracted)
- Family: mirai
- Botnet: LZRD
Signatures
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  Processes:
    description                    ioc
    File opened for modification   /dev/watchdog
    File opened for modification   /dev/misc/watchdog
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder (1 TTPs, 2 IoCs)
  Processes:
    description                    ioc
    File opened for modification   /sbin/watchdog
    File opened for modification   /bin/watchdog
- Reads runtime system information (41 IoCs)
  Reads data from /proc virtual filesystem.
  Processes:
    SecuriteInfo.com.Linux.Siggen.9999.2441.5700.elf
    description                    ioc
    File opened for reading        /proc/728/cmdline
    File opened for reading        /proc/766/cmdline
    File opened for reading        /proc/784/cmdline
    File opened for reading        /proc/785/cmdline
    File opened for reading        /proc/self/exe
    SecuriteInfo.com.Linux.Siggen.9999.2441.5700.elf
    description                    ioc
    File opened for reading        /proc/457/cmdline
    File opened for reading        /proc/653/cmdline
    File opened for reading        /proc/664/cmdline
    File opened for reading        /proc/789/cmdline
    File opened for reading        /proc/657/cmdline
    File opened for reading        /proc/724/cmdline
    File opened for reading        /proc/787/cmdline
    File opened for reading        /proc/520/cmdline
    File opened for reading        /proc/779/cmdline
    File opened for reading        /proc/795/cmdline
    File opened for reading        /proc/519/cmdline
    File opened for reading        /proc/659/cmdline
    File opened for reading        /proc/731/cmdline
    File opened for reading        /proc/781/cmdline
    File opened for reading        /proc/444/cmdline
    File opened for reading        /proc/671/cmdline
    File opened for reading        /proc/736/cmdline
    File opened for reading        /proc/754/cmdline
    File opened for reading        /proc/723/cmdline
    File opened for reading        /proc/793/cmdline
    File opened for reading        /proc/797/cmdline
    File opened for reading        /proc/762/cmdline
    File opened for reading        /proc/772/cmdline
    File opened for reading        /proc/777/cmdline
    File opened for reading        /proc/783/cmdline
    File opened for reading        /proc/654/cmdline
    File opened for reading        /proc/660/cmdline
    File opened for reading        /proc/679/cmdline
    File opened for reading        /proc/732/cmdline
    File opened for reading        /proc/798/cmdline
    File opened for reading        /proc/715/cmdline
    File opened for reading        /proc/791/cmdline
    File opened for reading        /proc/614/cmdline
    File opened for reading        /proc/666/cmdline
    File opened for reading        /proc/691/cmdline
    File opened for reading        /proc/701/cmdline
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
- memory/661-1-0x00008000-0x00022a48-memory.dmp