Analysis

  • max time kernel
    143s
  • max time network
    160s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhf image:debian12-armhf-20240221-en kernel:6.1.0-17-armmp-lpae locale:en-us os:debian-12-armhf system
  • submitted
    02/08/2024, 08:42

General

  • Target

    c4cf6b826928676b959fbd63cc081a8c.elf

  • Size

    59KB

  • MD5

    c4cf6b826928676b959fbd63cc081a8c

  • SHA1

    6c5bc111d8b7a72ce3fc19e53ce991d8076828d7

  • SHA256

    2d7e8ffe5b44522e8979c99cc9e59ca460cf25f07bc76025162fec5807341834

  • SHA512

    b2267d9d02bcdccf8df61cb0d0efdaaf74bcf243d2fc341a2502ade0ea21ed84f736477af38269ca1b437a9e94c9c1ff1f21a20a011c02b8ac43a4315e1974d8

  • SSDEEP

    1536:yzmnkYksSmZog6nH7+BoEMstVAuaXT7Mpp:yiasSmCg6H7QowVAuD

Score
10/10

Malware Config

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Changes its process name 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/c4cf6b826928676b959fbd63cc081a8c.elf
    • Modifies Watchdog functionality
    • Changes its process name
    • Reads runtime system information
    PID:710

Network

        MITRE ATT&CK Enterprise v15
