Analysis

max time kernel: 149s
max time network: 133s
platform: debian-9_mips
resource: debian9-mipsbe-20240226-en
resource tags: arch:mips, image:debian9-mipsbe-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 25-04-2024 12:35
General

Target: SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
Size: 27KB
MD5: 6f3474f1cd0a4ffad5c1264ecf0e8a32
SHA1: 9fed71fc34f2d61b7e159502b96e4ac5b2e8bb30
SHA256: f04972bd93af551702198a699553adfc3c66bc044d8e30b18edfe56dbaa650a6
SHA512: a26d0924a05a9daed32aa3de821e624cc49532d010f2f6898ac22344d60a302cbf3210351b63bcc5533e2c84742350afae84a293c1183e2a47195fffe200e790
SSDEEP: 768:DbdX14mC31ecSKqEI8e+rGPRRtIDAfnlnnZ9AEzEJgGlzDpbuR1JF:DBX14mC31enKqEI/+CriYlnZ9H8VJur
Malware Config

Extracted
Family: mirai
Botnet: LZRD
C2: www.sushiking.world
C2: s.sushiking.world
Signatures

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
  description                    ioc                  process
  File opened for modification   /dev/watchdog        SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for modification   /dev/misc/watchdog   SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from the /proc virtual filesystem.
Processes:
  description                ioc              process
  File opened for reading    /proc/net/tcp    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
Enumerates running processes
Discovers information about currently running processes on the system.
Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of the /proc filesystem to enumerate network settings.
Processes:
  description                ioc              process
  File opened for reading    /proc/net/tcp    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
Reads runtime system information (42 IoCs)
Reads data from the /proc virtual filesystem.
Processes:
  description                ioc              process
  File opened for reading    /proc/155/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/673/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/709/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/717/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/728/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/779/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/334/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/677/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/690/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/673/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/419/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/715/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/419/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/707/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/676/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/677/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/717/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/783/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/337/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/676/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/703/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/791/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/712/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/1/fd       SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/370/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/704/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/669/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/718/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/669/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/690/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/706/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/251/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/365/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/367/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/714/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/710/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/175/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/382/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/383/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/391/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/715/fd     SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
  File opened for reading    /proc/703/exe    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
Processes

Network

MITRE ATT&CK Matrix (ATT&CK v13)

Downloads

memory/711-1-0x00400000-0x00456a08-memory.dmp