Analysis

  • max time kernel
    149s
  • max time network
    11s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    22-07-2024 22:13

General

  • Target

    9b2356d6fa60307dc6776f25473592ea.elf

  • Size

    21KB

  • MD5

    9b2356d6fa60307dc6776f25473592ea

  • SHA1

    0911006d17603d412465dba7cc5435a313ac6b7e

  • SHA256

    301e421f6c17c8c99e52032c06adf88ea70861a52f1dd46a5889f885d8079a5d

  • SHA512

    c1f3826a4cd77085d47c48eea3127df18af9b31a92031f7587e4e73b834e7ca04d04ec5d3e13b69bb6950ae5300ebe97ac2714d2955590696e16b0a5cb953553

  • SSDEEP

    384:FB/HF1/1eZ9/6o10ILPljIgf76KRJ34QTECcbrv+0BYVUyeEDf0bTh2EPWVv4qhQ:FJHvcZ56qt9feK734QTEpbq0B4VQThyC

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux botnet family that infects Internet-exposed network devices (routers, IP cameras, DVRs), typically by logging in over Telnet with default or weak credentials.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware such as Mirai opens the hardware watchdog device (/dev/watchdog and /dev/misc/watchdog) and disables it with the WDIOC_SETOPTIONS ioctl and the WDIOS_DISABLECARD flag, so that the watchdog can no longer reboot the infected device when the malware hangs it or consumes its resources.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Reads runtime system information 46 IoCs

    Reads data from /proc virtual filesystem.
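As an added example (not part of this report and not the sandbox's own signature engine), the following Python script applies the four signature rules listed above to constructed strace-style syscall lines for PID 652. The trace lines, the regular expressions, the list of system bin directories and the counting of unsuccessful open() attempts as IoCs are all assumptions made for illustration.

```python
import re

# Constructed strace -f style trace, not taken from the report; it mimics the
# behaviour the signatures above describe for a Mirai-like ARM ELF.
SAMPLE_TRACE = """\
652  open("/dev/watchdog", O_WRONLY) = 3
652  ioctl(3, WDIOC_SETOPTIONS, [WDIOS_DISABLECARD]) = 0
652  open("/dev/misc/watchdog", O_WRONLY) = -1 ENOENT (No such file or directory)
652  open("/proc/net/tcp", O_RDONLY) = 4
652  open("/proc/652/cmdline", O_RDONLY) = 5
652  open("/proc/1/cmdline", O_RDONLY) = 6
652  open("/bin/.update", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 7
652  open("/tmp/notes.txt", O_RDONLY) = 8
"""

# "pid  syscall(args) = ret [errno text]" (assumed strace -f -o layout)
LINE_RE = re.compile(r'^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+)')
PATH_RE = re.compile(r'"([^"]*)"')

WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/misc/watchdog"}
SYSTEM_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")  # assumed list
WRITE_FLAGS = ("O_WRONLY", "O_RDWR", "O_CREAT")

SIG_WATCHDOG = "Modifies Watchdog functionality"
SIG_PROCS = "Enumerates running processes"
SIG_BIN = "Writes file to system bin folder"
SIG_PROC = "Reads runtime system information"


def parse_line(line):
    """Split one trace line into pid, syscall name, raw args, return value and
    the first quoted path argument (works for both open() and openat())."""
    m = LINE_RE.match(line)
    if not m:
        return None
    paths = PATH_RE.findall(m.group("args"))
    return {
        "pid": int(m.group("pid")),
        "call": m.group("call"),
        "args": m.group("args"),
        "ret": int(m.group("ret")),
        "path": paths[0] if paths else None,
    }


def match_signatures(ev):
    """Return the signature names a single syscall event contributes to.
    Failed opens still count: the attempt itself is the indicator."""
    hits = []
    call, path, args = ev["call"], ev["path"], ev["args"]
    if call in ("open", "openat") and path:
        if path in WATCHDOG_DEVICES:
            hits.append(SIG_WATCHDOG)
        if path.startswith("/proc/"):
            hits.append(SIG_PROC)
            # /proc/<pid>/... means the sample is walking other processes
            if re.match(r"^/proc/\d+/", path):
                hits.append(SIG_PROCS)
        if path.startswith(SYSTEM_BIN_DIRS) and any(f in args for f in WRITE_FLAGS):
            hits.append(SIG_BIN)
    elif call == "ioctl" and "WDIOC_SETOPTIONS" in args and "WDIOS_DISABLECARD" in args:
        # the actual disable request, independent of which device node succeeded
        hits.append(SIG_WATCHDOG)
    return hits


def classify(trace_text):
    """Map each signature to the trace lines (IoCs) that triggered it."""
    iocs = {SIG_WATCHDOG: [], SIG_PROCS: [], SIG_BIN: [], SIG_PROC: []}
    for line in trace_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        for sig in match_signatures(ev):
            iocs[sig].append(line.strip())
    return iocs


def summarize(trace_text):
    """IoC count per signature, omitting signatures that never fired."""
    return {sig: len(lines) for sig, lines in classify(trace_text).items() if lines}


if __name__ == "__main__":
    for sig, lines in classify(SAMPLE_TRACE).items():
        if lines:
            print(f"{sig} ({len(lines)} IoCs)")
            for l in lines:
                print("   ", l)
```

The /tmp/notes.txt line matches nothing, which is the point of keeping the rules narrow: a read-only open outside /proc is ordinary behaviour, while an open of /dev/watchdog or a write under /bin almost never is on an embedded device.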

Processes

  • /tmp/9b2356d6fa60307dc6776f25473592ea.elf
    /tmp/9b2356d6fa60307dc6776f25473592ea.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:652

Network

MITRE ATT&CK Enterprise v15
