Analysis
Max time kernel: 0s
Platform: debian-9_armhf
Resource: debian9-armhf-20240226-en
Resource tags: arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
Submitted: 12-04-2024 01:34
General
Target: 08d16f99a0e02bb0c730c99e5c108088cade2236020064ed835ead753e9ae281.elf
Size: 48KB
MD5: b8dfb910b925f434b12bdc73a9d9d2ed
SHA1: 8d49d6801ea8456272a6d97fd27d517f59eef427
SHA256: 08d16f99a0e02bb0c730c99e5c108088cade2236020064ed835ead753e9ae281
SHA512: 4c57f12379fb8256b4caf77af5b58da40ac2f4b7fcb4df934d5d71ceeb78181dd0797341d9b1c4530dc0cdb3ff4f445511f74b641dd4daf238a9fa945d631433
SSDEEP: 768:09jTER9s7MbCZD9xXgwJuUIhcr4Rv07LCziAHGmdU5j9q3UELTw/5AyMkKqvTlB:gEDs7MeZDrwwJuVFRvjiUG4LU/RMkrlB
Malware Config
Extracted
Family: mirai
Botnet: MIRAI
Signatures

Deletes itself (1 IoC)
Processes:
  08d16f99a0e02bb0c730c99e5c108088cade2236020064ed835ead753e9ae281.elf (pid 645)

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
  File opened for modification: /dev/watchdog (process: 08d16f99a0e02bb0c730c99e5c108088cade2236020064ed835ead753e9ae281.elf)
  File opened for modification: /dev/misc/watchdog (process: 08d16f99a0e02bb0c730c99e5c108088cade2236020064ed835ead753e9ae281.elf)

Reads runtime system information (1 IoC)
Reads data from /proc virtual filesystem.
Processes:
  File opened for reading: /proc/self/exe (process: 08d16f99a0e02bb0c730c99e5c108088cade2236020064ed835ead753e9ae281.elf)
Downloads
  memory/645-1-0x00008000-0x00025760-memory.dmp