Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240729-en
  • resource tags

    arch:armhf, image:debian12-armhf-20240729-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
  • submitted
    04/08/2024, 01:23

General

  • Target

    69a6ca5df903815f85acc9697d85375be9d3d07692d57dcc83bd92ff237321bc.elf

  • Size

    52KB

  • MD5

    23d74e263d1bde58ccd65ce4ec8f548f

  • SHA1

    800671815fa9249de704fa930dbb59871e4ad89b

  • SHA256

    69a6ca5df903815f85acc9697d85375be9d3d07692d57dcc83bd92ff237321bc

  • SHA512

    fa4ab5a66673bf2b0cffdbb2af04c13f8c4db20d43814e7b616b044ca3a6ac0c6e53978261b6f7368597828527cd2a84a425164a6763835250e6a8cabb59af27

  • SSDEEP

    768:/Mte5B4PACtw/YcmRIe18D9q63TxZQbSORe7Su2QJnKE79TLrP59q3UELbOs8qMV:/M84ISRX63dZQbS5rzZ0LIVmWjB

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux botnet family that infects exposed IoT and embedded network devices, typically over Telnet with default credentials.

  • Contacts a large (20486) number of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large number of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai disables the hardware watchdog (via /dev/watchdog) so that a hung or overloaded device is not automatically rebooted, since a reboot would clear the memory-resident infection.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Reads active TCP sockets from the /proc virtual filesystem (/proc/net/tcp).

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses the contents of the /proc filesystem to enumerate network settings.

  • Reads runtime system information 43 IoCs

    Reads data from /proc virtual filesystem.
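The "Enumerates active TCP sockets" and "Enumerates running processes" signatures above describe the classic Mirai killer behaviour: parse /proc/net/tcp for sockets listening on ports of interest, take the socket inode, and find the owning process through /proc/<pid>/fd. The following is an added example (not code from the report or from the sample) that reproduces that parsing on a constructed /proc/net/tcp snapshot and a constructed fd table; the port set, the sample data and the `SAMPLE_FD_TABLE` structure are assumptions for illustration.

```python
"""Parse /proc/net/tcp and map listening sockets to owning PIDs.

Added example, not part of the sandbox report. Mirai's killer thread scans
/proc/net/tcp for LISTEN sockets on Telnet/SSH/HTTP ports and then walks
/proc/<pid>/fd to find (and kill) the process holding that socket inode.
"""
import os
import socket
import sys
from dataclasses import dataclass

TCP_LISTEN = 0x0A
# Assumption: ports a Mirai-style killer cares about (telnet, ssh, http).
PORTS_OF_INTEREST = {23, 22, 80}


@dataclass(frozen=True)
class TcpEntry:
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: int
    uid: int
    inode: int


def _decode_addr(field: str, byteorder: str) -> tuple[str, int]:
    """Decode 'HEXADDR:HEXPORT'. The kernel prints the IPv4 address in host
    byte order, so on little-endian hosts (armhf, x86) the bytes are reversed."""
    ip_hex, port_hex = field.split(":")
    raw = bytes.fromhex(ip_hex)
    if byteorder == "little":
        raw = raw[::-1]
    return socket.inet_ntoa(raw), int(port_hex, 16)


def parse_proc_net_tcp(text: str, byteorder: str = sys.byteorder) -> list[TcpEntry]:
    """Parse the text of /proc/net/tcp (IPv4 only; tcp6 uses 128-bit fields)."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header line
        fields = line.split()
        if len(fields) < 10:
            continue
        lip, lport = _decode_addr(fields[1], byteorder)
        rip, rport = _decode_addr(fields[2], byteorder)
        entries.append(TcpEntry(lip, lport, rip, rport,
                                int(fields[3], 16), int(fields[7]), int(fields[9])))
    return entries


def listening_targets(entries, ports=PORTS_OF_INTEREST):
    """Sockets in LISTEN state bound to one of the interesting ports."""
    return [e for e in entries if e.state == TCP_LISTEN and e.local_port in ports]


def owners_of_inodes(inodes, fd_table):
    """fd_table maps pid -> list of readlink() targets of /proc/<pid>/fd/*.
    Socket fds read as 'socket:[<inode>]'. Returns the PIDs owning any inode."""
    wanted = {f"socket:[{i}]" for i in inodes}
    return sorted(pid for pid, links in fd_table.items() if wanted.intersection(links))


# Constructed sample: telnet and ssh listeners plus one outbound HTTP connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18211 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18450 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:B1C4 0A00A8C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 21033 1 0000000000000000 20 4 30 10 -1
"""

# Constructed fd table standing in for a walk of /proc/<pid>/fd.
SAMPLE_FD_TABLE = {
    412: ["/dev/null", "socket:[18211]"],
    1337: ["socket:[18450]", "pipe:[777]"],
    701: ["/dev/watchdog"],
}


if __name__ == "__main__":
    # On a live Linux host, read the real table; otherwise use the sample.
    try:
        with open("/proc/net/tcp") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_PROC_NET_TCP
    targets = listening_targets(parse_proc_net_tcp(text, "little"))
    for t in targets:
        print(f"LISTEN {t.local_ip}:{t.local_port} inode={t.inode} uid={t.uid}")
    print("owners:", owners_of_inodes({t.inode for t in targets}, SAMPLE_FD_TABLE))
```

On a live host the fd table is built with `os.listdir`/`os.readlink` over `/proc/<pid>/fd`; the byte-order caveat matters when the snapshot was taken on a different architecture than the one parsing it.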

Processes

  • /tmp/69a6ca5df903815f85acc9697d85375be9d3d07692d57dcc83bd92ff237321bc.elf
    /tmp/69a6ca5df903815f85acc9697d85375be9d3d07692d57dcc83bd92ff237321bc.elf
    • Modifies Watchdog functionality
    • Enumerates active TCP sockets
    • Reads system network configuration
    • Reads runtime system information
    PID:701
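The two volumetric signatures in this report ("Contacts a large (20486) number of remote hosts", "Creates a large number of network flows") are what a Mirai scanner thread produces: SYNs to thousands of random public addresses on one or two ports. The following added example (not code from the report or from the sample) shows how such a detector distinguishes that horizontal pattern from a single-host port scan and from ordinary traffic, run over a constructed flow log; the log format and the thresholds are assumptions.

```python
"""Volumetric scan classification over flow records.

Added example, not part of the sandbox report. Mirai's scanner contacts many
unique hosts on very few ports (horizontal scan); a port scan of one host is
the opposite shape (vertical scan). Thresholds and log format are assumed.
"""
import random
from collections import defaultdict

HOST_THRESHOLD = 100   # assumed: unique destination hosts before flagging a horizontal scan
PORT_THRESHOLD = 50    # assumed: unique destination ports before flagging a vertical scan


def parse_flow_log(text):
    """Parse constructed lines of the form 'src_ip dst_ip dst_port proto'."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport, proto = line.split()
        flows.append((src, dst, int(dport), proto))
    return flows


def classify_sources(flows, host_threshold=HOST_THRESHOLD, port_threshold=PORT_THRESHOLD):
    """Return per-source counts and a verdict: horizontal-scan, vertical-scan or benign."""
    hosts, ports, count = defaultdict(set), defaultdict(set), defaultdict(int)
    for src, dst, dport, _proto in flows:
        hosts[src].add(dst)
        ports[src].add(dport)
        count[src] += 1
    verdicts = {}
    for src in count:
        n_hosts, n_ports = len(hosts[src]), len(ports[src])
        if n_hosts >= host_threshold and n_ports <= 3:
            verdict = "horizontal-scan"   # Mirai pattern: many hosts, one or two ports
        elif n_ports >= port_threshold and n_hosts <= 3:
            verdict = "vertical-scan"     # one host, many ports
        else:
            verdict = "benign"
        verdicts[src] = {"flows": count[src], "hosts": n_hosts,
                         "ports": n_ports, "verdict": verdict}
    return verdicts


def build_sample_log(n_scan=300, seed=1):
    """Constructed flow log: a Mirai-like telnet scanner plus an ordinary HTTPS client."""
    rng = random.Random(seed)
    lines = ["# src dst dport proto"]
    for _ in range(n_scan):
        first = rng.randint(1, 223)   # stay in unicast space, as Mirai's scanner does
        dst = f"{first}.{rng.randint(0, 255)}.{rng.randint(0, 255)}.{rng.randint(0, 255)}"
        lines.append(f"10.0.2.15 {dst} 23 tcp")
    for _ in range(20):
        lines.append("10.0.2.7 93.184.216.34 443 tcp")
    return "\n".join(lines)


if __name__ == "__main__":
    for src, info in classify_sources(parse_flow_log(build_sample_log())).items():
        print(src, info)
```

The sandbox figure of 20486 remote hosts sits two orders of magnitude above the assumed threshold; in practice the window over which flows are aggregated matters as much as the threshold, since a scanner that is rate-limited still accumulates unique destinations over time.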

Network

MITRE ATT&CK Enterprise v15