Analysis

max time kernel: 149s
max time network: 5s
platform: debian-9_mips
resource: debian9-mipsbe-20240418-en
resource tags: arch:mips, image:debian9-mipsbe-20240418-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 02/08/2024, 12:30
General

Target: 132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
Size: 23KB
MD5: 2bf6cefed1bd345fe34946b667826813
SHA1: d5b8a44e5fc42c4554e9f7b20ad87f81b73086df
SHA256: 132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4
SHA512: e0230cceb5119b6e06888853c7ef1eadbcd7971524f050f9dee6b86d16d76aa5723e836995fbfa6d4be19c15acfd5a14f5785dcfe7e533e07644655768fd412e
SSDEEP: 384:neD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtuicmdzJgGlzDpH7uNj1JA4g:neD8ZSWvZHZbs1row697qohQvg9cizJ3
Malware Config (Extracted)

Family: mirai
Botnet: LZRD
Signatures

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
description                    ioc                 Process
File opened for modification   /dev/watchdog       132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for modification   /dev/misc/watchdog  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
Writes file to system bin folder (1 TTP, 2 IoCs)
description                    ioc             Process
File opened for modification   /sbin/watchdog  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for modification   /bin/watchdog   132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
Reads runtime system information (21 IoCs)
Reads data from /proc virtual filesystem.
description               ioc                Process
File opened for reading   /proc/743/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/755/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/837/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/701/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/698/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/732/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/738/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/792/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/420/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/705/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/731/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/745/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/799/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/803/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/810/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/811/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/667/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/720/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/736/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/737/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf
File opened for reading   /proc/671/cmdline  132af342c14c21e6c3935ceadd7381d5ed84438523023eab55f7824839c45be4.elf