Analysis
-
max time kernel
149s -
max time network
7s -
platform
debian-9_armhf -
resource
debian9-armhf-20240226-en -
resource tags
arch:armhf
image:debian9-armhf-20240226-en
kernel:4.9.0-13-armmp-lpae
locale:en-us
os:debian-9-armhf
system
submitted
11-04-2024 01:44
General
-
Target
dab4d2935ff7d215a4b5efc8f586412eb42ef797bb5257062712456623f7e5e1.elf
-
Size
26KB
-
MD5
80b0a2d9c9c6b89f7306a1bd3f4bedde
-
SHA1
d0b583b986b8ee11f9f197465717f318d78dc3b5
-
SHA256
dab4d2935ff7d215a4b5efc8f586412eb42ef797bb5257062712456623f7e5e1
-
SHA512
e1d9fff24d394b931445f84607d948068df9a3aeef8ee47684e8d166b272c340e70f87ea407378e1073ba25b2ee15f9770e08f27377eaf5ec88c41a2f3c1980d
-
SSDEEP
768:mBPEeJMM4olieRV+X8YsXcc5+0UobMs3UozhSq:sMM4olieH+B6UobJzhSq
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
Processes:
description | ioc
File opened for modification | /dev/watchdog
File opened for modification | /dev/misc/watchdog
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder 1 TTPs 2 IoCs
Processes:
description | ioc
File opened for modification | /sbin/watchdog
File opened for modification | /bin/watchdog
-
Reads runtime system information 38 IoCs
Reads data from /proc virtual filesystem.
Processes:
Process: dab4d2935ff7d215a4b5efc8f586412eb42ef797bb5257062712456623f7e5e1.elf
description | ioc
File opened for reading | /proc/435/cmdline
File opened for reading | /proc/618/cmdline
File opened for reading | /proc/721/cmdline
File opened for reading | /proc/796/cmdline
File opened for reading | /proc/497/cmdline
File opened for reading | /proc/657/cmdline
File opened for reading | /proc/658/cmdline
File opened for reading | /proc/784/cmdline
File opened for reading | /proc/786/cmdline
File opened for reading | /proc/711/cmdline
File opened for reading | /proc/732/cmdline
File opened for reading | /proc/783/cmdline
File opened for reading | /proc/791/cmdline
File opened for reading | /proc/800/cmdline
File opened for reading | /proc/781/cmdline
File opened for reading | /proc/788/cmdline
File opened for reading | /proc/792/cmdline
File opened for reading | /proc/498/cmdline
File opened for reading | /proc/664/cmdline
File opened for reading | /proc/700/cmdline
File opened for reading | /proc/728/cmdline
File opened for reading | /proc/779/cmdline
File opened for reading | /proc/798/cmdline
File opened for reading | /proc/802/cmdline
File opened for reading | /proc/790/cmdline
File opened for reading | /proc/self/exe
Process: dab4d2935ff7d215a4b5efc8f586412eb42ef797bb5257062712456623f7e5e1.elf
description | ioc
File opened for reading | /proc/660/cmdline
File opened for reading | /proc/662/cmdline
File opened for reading | /proc/668/cmdline
File opened for reading | /proc/722/cmdline
File opened for reading | /proc/450/cmdline
File opened for reading | /proc/673/cmdline
File opened for reading | /proc/740/cmdline
File opened for reading | /proc/766/cmdline
File opened for reading | /proc/773/cmdline
File opened for reading | /proc/671/cmdline
File opened for reading | /proc/774/cmdline
File opened for reading | /proc/794/cmdline
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
memory/665-1-0x00008000-0x00022a48-memory.dmp