Analysis
-
max time kernel
149s -
max time network
6s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem -
submitted
28-04-2024 11:58
General
-
Target
24722724dcbbf6fbc64440cd128dbb78.elf
-
Size
27KB
-
MD5
24722724dcbbf6fbc64440cd128dbb78
-
SHA1
8ebadca9fdd14605fc28ff83d8767db0a1f3db78
-
SHA256
485219d81f619bc9a647a7e576a4f96400eec5fd91194824dce6a548e96a71ce
-
SHA512
3bc48932952dfe278e287a58642d153466063f06aceae21c1e5b28c5f31e54ad9ba85762e48306f340ea5a15f46ca3cd790c8f9234441e05a3a5fda812f64848
-
SSDEEP
384:ATDpTqrBMyz2ZpRcZbsZGBdHIwFrs1PY1a910Jxc5s3ArKKLYF14Bo0MgRWGVCz9:ATDFqrG9zcZe2HI0rA/9Gxd/14fRWF
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
24722724dcbbf6fbc64440cd128dbb78.elfdescription ioc process File opened for modification /dev/misc/watchdog 24722724dcbbf6fbc64440cd128dbb78.elf File opened for modification /dev/watchdog 24722724dcbbf6fbc64440cd128dbb78.elf -
Writes file to system bin folder 1 TTPs 2 IoCs
Processes:
24722724dcbbf6fbc64440cd128dbb78.elfdescription ioc process File opened for modification /sbin/watchdog 24722724dcbbf6fbc64440cd128dbb78.elf File opened for modification /bin/watchdog 24722724dcbbf6fbc64440cd128dbb78.elf -
Reads runtime system information 19 IoCs
Reads data from /proc virtual filesystem.
Processes:
24722724dcbbf6fbc64440cd128dbb78.elfdescription ioc process File opened for reading /proc/435/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/703/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/683/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/686/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/714/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/716/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/675/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/679/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/721/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/767/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/772/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/784/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/787/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/706/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/709/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/710/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/776/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/685/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf File opened for reading /proc/704/cmdline 24722724dcbbf6fbc64440cd128dbb78.elf
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/711-1-0x00400000-0x0042bcb4-memory.dmp