Analysis
max time kernel: 149s
max time network: 6s
platform: debian-9_mipsel
resource: debian9-mipsel-20240226-en
resource tags: arch:mipsel, image:debian9-mipsel-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 11-04-2024 01:24
General
Target: 704caef2e8472ed02ec43aab4f31fb34d7d651f0f2251db7b39495b6d530d9dd.elf
Size: 37KB
MD5: 3786674918d759ff44e3ebddad231071
SHA1: b2b7be3f5392911aca7b902a1472dc171c72dcf5
SHA256: 704caef2e8472ed02ec43aab4f31fb34d7d651f0f2251db7b39495b6d530d9dd
SHA512: 6473808b1c964c4c7826cb9153cf357031755b3908dd24df42778985c9d4970c7df419347e92505e1b87f3f8f01138fbc6d8de6da865f5e07c8c4bfe34296aa6
SSDEEP: 768:ItB5dgXnbH/WqSA+v1uvDvfiORrHE6EQRW3F/fK:IRdGbHlT+NijfiwHYdF/S
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures
Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
Processes:
  File opened for modification: /dev/watchdog
  File opened for modification: /dev/misc/watchdog
Writes file to system bin folder (1 TTP, 2 IoCs)
Processes:
  File opened for modification: /bin/watchdog
  File opened for modification: /sbin/watchdog
Reads runtime system information (20 IoCs)
Reads data from the /proc virtual filesystem.
Processes:
  File opened for reading: /proc/768/cmdline
  File opened for reading: /proc/771/cmdline
  File opened for reading: /proc/803/cmdline
  File opened for reading: /proc/686/cmdline
  File opened for reading: /proc/702/cmdline
  File opened for reading: /proc/703/cmdline
  File opened for reading: /proc/709/cmdline
  File opened for reading: /proc/713/cmdline
  File opened for reading: /proc/675/cmdline
  File opened for reading: /proc/685/cmdline
  File opened for reading: /proc/708/cmdline
  File opened for reading: /proc/720/cmdline
  File opened for reading: /proc/775/cmdline
  File opened for reading: /proc/783/cmdline
  File opened for reading: /proc/752/cmdline
  File opened for reading: /proc/435/cmdline
  File opened for reading: /proc/679/cmdline
  File opened for reading: /proc/683/cmdline
  File opened for reading: /proc/705/cmdline
  File opened for reading: /proc/715/cmdline
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
memory/710-1-0x00400000-0x0042a918-memory.dmp