Analysis

  • max time kernel
    149s
  • max time network
    6s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240226-en
  • resource tags
    arch:mipsel, image:debian9-mipsel-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
  • submitted
    28-04-2024 11:58

General

  • Target
    24722724dcbbf6fbc64440cd128dbb78.elf
  • Size
    27KB
  • MD5
    24722724dcbbf6fbc64440cd128dbb78
  • SHA1
    8ebadca9fdd14605fc28ff83d8767db0a1f3db78
  • SHA256
    485219d81f619bc9a647a7e576a4f96400eec5fd91194824dce6a548e96a71ce
  • SHA512
    3bc48932952dfe278e287a58642d153466063f06aceae21c1e5b28c5f31e54ad9ba85762e48306f340ea5a15f46ca3cd790c8f9234441e05a3a5fda812f64848
  • SSDEEP
    384:ATDpTqrBMyz2ZpRcZbsZGBdHIwFrs1PY1a910Jxc5s3ArKKLYF14Bo0MgRWGVCz9:ATDFqrG9zcZe2HI0rA/9Gxd/14fRWF

Score
10/10

Malware Config

Extracted

  • Family
    mirai
  • Botnet
    LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Modifies Watchdog functionality (1 TTP, 2 IoCs)

    Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

  • Writes file to system bin folder (1 TTP, 2 IoCs)
  • Reads runtime system information (19 IoCs)

    Reads data from the /proc virtual filesystem.

Processes

  • /tmp/24722724dcbbf6fbc64440cd128dbb78.elf (PID 711)
    /tmp/24722724dcbbf6fbc64440cd128dbb78.elf
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence
    Hijack Execution Flow: T1574 (1)
  • Privilege Escalation
    Hijack Execution Flow: T1574 (1)
  • Defense Evasion
    Impair Defenses: T1562 (1)
    Hijack Execution Flow: T1574 (1)

Downloads

  • memory/711-1-0x00400000-0x0042bcb4-memory.dmp