Analysis
max time kernel: 143s
max time network: 148s
platform: debian-12_armhf
resource: debian12-armhf-20240729-en
resource tags: arch:armhf, image:debian12-armhf-20240729-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
submitted: 03/08/2024, 01:14
General
Target: 2d7e8ffe5b44522e8979c99cc9e59ca460cf25f07bc76025162fec5807341834.elf
Size: 59KB
MD5: c4cf6b826928676b959fbd63cc081a8c
SHA1: 6c5bc111d8b7a72ce3fc19e53ce991d8076828d7
SHA256: 2d7e8ffe5b44522e8979c99cc9e59ca460cf25f07bc76025162fec5807341834
SHA512: b2267d9d02bcdccf8df61cb0d0efdaaf74bcf243d2fc341a2502ade0ea21ed84f736477af38269ca1b437a9e94c9c1ff1f21a20a011c02b8ac43a4315e1974d8
SSDEEP: 1536:yzmnkYksSmZog6nH7+BoEMstVAuaXT7Mpp:yiasSmCg6H7QowVAuD
Malware Config
Signatures
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | 2d7e8ffe5b44522e8979c99cc9e59ca460cf25f07bc76025162fec5807341834.elf
File opened for modification | /dev/misc/watchdog | 2d7e8ffe5b44522e8979c99cc9e59ca460cf25f07bc76025162fec5807341834.elf
Changes its process name 1 IoCs
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | /var/www/html | 701 | 2d7e8ffe5b44522e8979c99cc9e59ca460cf25f07bc76025162fec5807341834.elf
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/self/exe | 2d7e8ffe5b44522e8979c99cc9e59ca460cf25f07bc76025162fec5807341834.elf