Analysis
max time kernel: 152s
max time network: 158s
platform: debian-12_mipsel
resource: debian12-mipsel-20240221-en
resource tags: arch:mipsel, image:debian12-mipsel-20240221-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
submitted: 20-04-2024 01:33
Behavioral task: behavioral1
Sample: 7452a8cd6d737917f4d19adcef67e8cc47b643da9d703a37fb2af6644a78edc1.elf
Resource: debian12-mipsel-20240221-en
General
Target: 7452a8cd6d737917f4d19adcef67e8cc47b643da9d703a37fb2af6644a78edc1.elf
Size: 97KB
MD5: f3f909238b26928d0587e272fc702866
SHA1: aa2a80dc9db8553ea5e17958130662955ade4e10
SHA256: 7452a8cd6d737917f4d19adcef67e8cc47b643da9d703a37fb2af6644a78edc1
SHA512: 2b09a7fd4391dd9bc48314eaaa75a40eabe8b7332099da2525193cb5f79a0b8d654de0d668fc35806f8fe45bdfa21095f1411c9fe29cbf85eb605bee6d154085
SSDEEP: 1536:8wPBYpO2CUIO2/M+LIjrqr1oNgfR34b7ZZ/myEhmJ:8yBYpO2rI/u2R3C7gcJ
Malware Config: (nothing listed for this sample)
Signatures

Deletes Audit logs
  description   ioc                        process
  File deleted  /var/log/audit/audit.log   7452a8cd6d737917f4d19adcef67e8cc47b643da9d703a37fb2af6644a78edc1.elf

Deletes itself  1 IoCs
  pid   process
  727   7452a8cd6d737917f4d19adcef67e8cc47b643da9d703a37fb2af6644a78edc1.elf

Deletes journal logs
  description   ioc                                                                process
  File deleted  /var/log/journal/edeb2f80f756429c9aae366fe5ab23dd/system.journal   7452a8cd6d737917f4d19adcef67e8cc47b643da9d703a37fb2af6644a78edc1.elf

Modifies Watchdog functionality  1 TTPs  2 IoCs
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system. Both device paths below are opened for writing: /dev/watchdog is the usual location, and some embedded systems expose the same device as /dev/misc/watchdog, which is why a bot tries both. A process that is not a watchdog daemon opening either path is a strong signal on its own.
  description                   ioc                  process
  File opened for modification  /dev/watchdog        7452a8cd6d737917f4d19adcef67e8cc47b643da9d703a37fb2af6644a78edc1.elf
  File opened for modification  /dev/misc/watchdog   7452a8cd6d737917f4d19adcef67e8cc47b643da9d703a37fb2af6644a78edc1.elf

Deletes log files  1 TTPs  1 IoCs
Deletes log files on the system. Together with the audit-log and journal deletions above, this removes the three places a login or audit trail would normally be recorded on this image (wtmp, auditd, systemd-journal).
  description   ioc             process
  File deleted  /var/log/wtmp   7452a8cd6d737917f4d19adcef67e8cc47b643da9d703a37fb2af6644a78edc1.elf

Enumerates running processes
Discovers information about currently running processes on the system. The evidence for this is the per-pid /proc/<pid>/cmdline reads listed under "Reads runtime system information" below.

Changes its process name  1 IoCs
Changes the process name, possibly in an attempt to hide itself. The new name is a random-looking string rather than the name of a legitimate daemon.
  pid   new name       process
  727   h2umfprio2gu   7452a8cd6d737917f4d19adcef67e8cc47b643da9d703a37fb2af6644a78edc1.elf

Reads runtime system information  64 IoCs
Reads data from the /proc virtual filesystem. All 64 reads are of /proc/<pid>/cmdline, one per process the sample found, i.e. it walks every process's command line.
  description              ioc                   process
  File opened for reading  /proc/<pid>/cmdline   7452a8cd6d737917f4d19adcef67e8cc47b643da9d703a37fb2af6644a78edc1.elf
  pids, in the order reported (64): 866, 1075, 1178, 1199, 795, 777, 803, 835, 880, 949, 1183, 771, 394, 719, 1010, 1145, 1203, 179, 1021, 1034, 776, 1108, 781, 118, 201, 723, 734, 1187, 1201, 5, 48, 718, 1195, 1206, 17, 746, 962, 1024, 1129, 1143, 53, 353, 911, 1151, 1175, 19, 1204, 773, 913, 1190, 1196, 768, 736, 833, 59, 900, 966, 1049, 1054, 23, 29, 550, 1076, 1157
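Each of the signature rows above is weak on its own: logrotate deletes files under /var/log, a watchdog daemon opens /dev/watchdog, and ps reads every /proc/<pid>/cmdline. What makes this sample stand out is a single process doing all three within seconds. The Python below, added here as an example and not part of the sandbox report or of the sample, parses rows in the flattened "description ioc process" shape used in this report and applies three rules per process: deletion of anything under /var/log, opening a watchdog device for modification, and reading /proc/<pid>/cmdline for at least ten distinct pids. A process is flagged only when it hits two or more rules. The row excerpt, the shortened process name "sample.elf", the benign "last" process, the rule names, the /dev/watchdog0 path and the threshold of ten pids are all constructed assumptions for the example.

```python
import re
from collections import defaultdict

# Event descriptions exactly as they appear in the report's flattened
# "description ioc process" rows; other text between rows is skipped.
DESCRIPTIONS = ("File deleted", "File opened for modification", "File opened for reading")
ROW_RE = re.compile(
    r"(?P<desc>" + "|".join(re.escape(d) for d in DESCRIPTIONS) + r")\s+"
    r"(?P<ioc>\S+)\s+(?P<proc>\S+)"
)

# Constructed excerpt in the same shape as the report rows. The process name
# is shortened to "sample.elf"; the pids and the benign "last" reader of wtmp
# are made up for this example.
SAMPLE_ROWS = (
    "File deleted /var/log/audit/audit.log sample.elf "
    "File deleted /var/log/wtmp sample.elf "
    "File opened for modification /dev/watchdog sample.elf "
    "File opened for modification /dev/misc/watchdog sample.elf "
    + " ".join(f"File opened for reading /proc/{pid}/cmdline sample.elf"
               for pid in (5, 17, 19, 23, 29, 48, 53, 59, 118, 179, 201, 353))
    + " File opened for reading /proc/self/status sample.elf"
    + " File opened for reading /var/log/wtmp last"
)


def parse_rows(text):
    """Split a flattened run of 'description ioc process' rows into tuples."""
    return [(m.group("desc"), m.group("ioc"), m.group("proc"))
            for m in ROW_RE.finditer(text)]


LOG_PREFIXES = ("/var/log/",)
WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog"}
PROC_CMDLINE_RE = re.compile(r"^/proc/(\d+)/cmdline$")
ENUM_THRESHOLD = 10  # distinct pids read by one process; assumed value, tune per fleet


def evaluate(events, enum_threshold=ENUM_THRESHOLD):
    """Return {process: {rule: evidence}} for every process that matches a rule."""
    deleted, watchdog, cmdline_pids = defaultdict(list), defaultdict(list), defaultdict(set)
    for desc, ioc, proc in events:
        if desc == "File deleted" and ioc.startswith(LOG_PREFIXES):
            deleted[proc].append(ioc)
        elif desc == "File opened for modification" and ioc in WATCHDOG_DEVICES:
            watchdog[proc].append(ioc)
        elif desc == "File opened for reading":
            m = PROC_CMDLINE_RE.match(ioc)
            if m:
                cmdline_pids[proc].add(int(m.group(1)))
    findings = defaultdict(dict)
    for proc, paths in deleted.items():
        findings[proc]["log_deletion"] = sorted(paths)
    for proc, devs in watchdog.items():
        findings[proc]["watchdog_tamper"] = sorted(devs)
    for proc, pids in cmdline_pids.items():
        if len(pids) >= enum_threshold:
            findings[proc]["process_enumeration"] = len(pids)
    return dict(findings)


def verdict(findings):
    """Processes that hit at least two independent rules; any one alone is too noisy."""
    return sorted(proc for proc, hits in findings.items() if len(hits) >= 2)


if __name__ == "__main__":
    found = evaluate(parse_rows(SAMPLE_ROWS))
    for proc, hits in found.items():
        print(proc, hits)
    print("flagged:", verdict(found))
```

Run against the constructed rows, "sample.elf" hits all three rules and is flagged, while "last" (which only reads /var/log/wtmp) produces no finding. The same rules map directly onto auditd or eBPF file-open telemetry on a live host; the parser is only there because this report presents the events as flattened text.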
Processes

/tmp/7452a8cd6d737917f4d19adcef67e8cc47b643da9d703a37fb2af6644a78edc1.elf  (pid 727)
  command line: /tmp/7452a8cd6d737917f4d19adcef67e8cc47b643da9d703a37fb2af6644a78edc1.elf
  signatures hit:
  - Deletes Audit logs
  - Deletes itself
  - Deletes journal logs
  - Modifies Watchdog functionality
  - Deletes log files
  - Changes its process name
  - Reads runtime system information