Analysis

Max time kernel: 5s
Platform: debian-9_armhf
Resource: debian9-armhf-20240226-en
Resource tags: arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
Submitted: 11-04-2024 01:55
General

Target: ff42180e5eca780ab282744d3832bb84c16ed606e340bd2c57a399a7bc5ee770.elf
Size: 24KB
MD5: e3e44596bde9334e415f91cb5fc796dc
SHA1: 4d29e555b63847f93b4b92adf3b7284e805d7512
SHA256: ff42180e5eca780ab282744d3832bb84c16ed606e340bd2c57a399a7bc5ee770
SHA512: 6e3db4ba81a93ec1a00bdf174d29d236a537f1ba16ab368921dfe073c9de7578eb9ae2f5e76fba9da8c724494a6c1b78fc460f7b04cd93a8aee55a8c87e60072
SSDEEP: 768:XaXNE15Lv4R+DeIc7ormIedTHJhs3Uoze:XaXi15g+DeIpa7TpMze
Malware Config

Extracted
Family: mirai
Botnet: MIRAI
Signatures

Deletes itself (1 IoC)
Processes:
  pid   process
  654   ff42180e5eca780ab282744d3832bb84c16ed606e340bd2c57a399a7bc5ee770.elf

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
Processes:
  description                    ioc                  process
  File opened for modification   /dev/watchdog        ff42180e5eca780ab282744d3832bb84c16ed606e340bd2c57a399a7bc5ee770.elf
  File opened for modification   /dev/misc/watchdog   ff42180e5eca780ab282744d3832bb84c16ed606e340bd2c57a399a7bc5ee770.elf

Enumerates active TCP sockets (1 TTP, 1 IoC)
Gets active TCP sockets from the /proc virtual filesystem.
Processes:
  description               ioc             process
  File opened for reading   /proc/net/tcp   ff42180e5eca780ab282744d3832bb84c16ed606e340bd2c57a399a7bc5ee770.elf

Reads system network configuration (1 TTP, 1 IoC)
Uses contents of the /proc filesystem to enumerate network settings.
Processes:
  description               ioc             process
  File opened for reading   /proc/net/tcp   ff42180e5eca780ab282744d3832bb84c16ed606e340bd2c57a399a7bc5ee770.elf

Reads runtime system information (1 IoC)
Reads data from the /proc virtual filesystem.
Processes:
  description               ioc              process
  File opened for reading   /proc/self/exe   ff42180e5eca780ab282744d3832bb84c16ed606e340bd2c57a399a7bc5ee770.elf
Processes

/tmp/ff42180e5eca780ab282744d3832bb84c16ed606e340bd2c57a399a7bc5ee770.elf
- Deletes itself
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Reads system network configuration
- Reads runtime system information
Network

MITRE ATT&CK Matrix (ATT&CK v13)
Downloads

memory/654-1-0x00008000-0x0001d474-memory.dmp