6a31cb7adc7bc79b024dae5b1f36ccb415fa7373d6472e3700c0b7346f35aac5

Analysis

max time kernel
150s
max time network
152s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
21/08/2024, 18:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bin.armv7l.elf
Size

142KB
MD5

6ca9f4abca4f3b3247ddaaa79fd95147
SHA1

4213074cb4c5147899817cae036943cbe0366061
SHA256

6a31cb7adc7bc79b024dae5b1f36ccb415fa7373d6472e3700c0b7346f35aac5
SHA512

c8ca8e3925aa5950b0ffcd16fc53d45b02392f0020cb7e05c769b38967516cb9f8d8779dc6f33199827dd78daca5756e7543d9754dbc0fe53b4cd0956e61d6d2
SSDEEP

3072:0yDABbDSwHyNg2br3aPJ5fyWb9afQjpgGSE1BW++g3y4a:qBbDjHyNTKP3fyi9afQjpgGSaGgi4a

Score

7^/10

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	bin.armv7l.elf
File opened for modification	/dev/misc/watchdog	bin.armv7l.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/745/cmdline	bin.armv7l.elf
File opened for reading	/proc/749/cmdline	bin.armv7l.elf
File opened for reading	/proc/760/cmdline	bin.armv7l.elf
File opened for reading	/proc/319/cmdline	bin.armv7l.elf
File opened for reading	/proc/312/cmdline	bin.armv7l.elf
File opened for reading	/proc/7/cmdline	bin.armv7l.elf
File opened for reading	/proc/728/cmdline	bin.armv7l.elf
File opened for reading	/proc/730/cmdline	bin.armv7l.elf
File opened for reading	/proc/752/cmdline	bin.armv7l.elf
File opened for reading	/proc/756/cmdline	bin.armv7l.elf
File opened for reading	/proc/344/cmdline	bin.armv7l.elf
File opened for reading	/proc/754/cmdline	bin.armv7l.elf
File opened for reading	/proc/767/cmdline	bin.armv7l.elf
File opened for reading	/proc/27/cmdline	bin.armv7l.elf
File opened for reading	/proc/8/cmdline	bin.armv7l.elf
File opened for reading	/proc/24/cmdline	bin.armv7l.elf
File opened for reading	/proc/46/cmdline	bin.armv7l.elf
File opened for reading	/proc/217/cmdline	bin.armv7l.elf
File opened for reading	/proc/691/cmdline	bin.armv7l.elf
File opened for reading	/proc/763/cmdline	bin.armv7l.elf
File opened for reading	/proc/1/cmdline	bin.armv7l.elf
File opened for reading	/proc/25/cmdline	bin.armv7l.elf
File opened for reading	/proc/58/cmdline	bin.armv7l.elf
File opened for reading	/proc/74/cmdline	bin.armv7l.elf
File opened for reading	/proc/143/cmdline	bin.armv7l.elf
File opened for reading	/proc/326/cmdline	bin.armv7l.elf
File opened for reading	/proc/727/cmdline	bin.armv7l.elf
File opened for reading	/proc/746/cmdline	bin.armv7l.elf
File opened for reading	/proc/22/cmdline	bin.armv7l.elf
File opened for reading	/proc/751/cmdline	bin.armv7l.elf
File opened for reading	/proc/321/cmdline	bin.armv7l.elf
File opened for reading	/proc/57/cmdline	bin.armv7l.elf
File opened for reading	/proc/45/cmdline	bin.armv7l.elf
File opened for reading	/proc/199/cmdline	bin.armv7l.elf
File opened for reading	/proc/219/cmdline	bin.armv7l.elf
File opened for reading	/proc/252/cmdline	bin.armv7l.elf
File opened for reading	/proc/342/cmdline	bin.armv7l.elf
File opened for reading	/proc/741/cmdline	bin.armv7l.elf
File opened for reading	/proc/18/cmdline	bin.armv7l.elf
File opened for reading	/proc/444/cmdline	bin.armv7l.elf
File opened for reading	/proc/748/cmdline	bin.armv7l.elf
File opened for reading	/proc/26/cmdline	bin.armv7l.elf
File opened for reading	/proc/739/cmdline	bin.armv7l.elf
File opened for reading	/proc/13/cmdline	bin.armv7l.elf
File opened for reading	/proc/23/cmdline	bin.armv7l.elf
File opened for reading	/proc/47/cmdline	bin.armv7l.elf
File opened for reading	/proc/687/cmdline	bin.armv7l.elf
File opened for reading	/proc/731/cmdline	bin.armv7l.elf
File opened for reading	/proc/736/cmdline	bin.armv7l.elf
File opened for reading	/proc/15/cmdline	bin.armv7l.elf
File opened for reading	/proc/445/cmdline	bin.armv7l.elf
File opened for reading	/proc/19/cmdline	bin.armv7l.elf
File opened for reading	/proc/20/cmdline	bin.armv7l.elf
File opened for reading	/proc/575/cmdline	bin.armv7l.elf
File opened for reading	/proc/714/cmdline	bin.armv7l.elf
File opened for reading	/proc/742/cmdline	bin.armv7l.elf
File opened for reading	/proc/747/cmdline	bin.armv7l.elf
File opened for reading	/proc/759/cmdline	bin.armv7l.elf
File opened for reading	/proc/12/cmdline	bin.armv7l.elf
File opened for reading	/proc/17/cmdline	bin.armv7l.elf
File opened for reading	/proc/735/cmdline	bin.armv7l.elf
File opened for reading	/proc/758/cmdline	bin.armv7l.elf
File opened for reading	/proc/10/cmdline	bin.armv7l.elf
File opened for reading	/proc/31/cmdline	bin.armv7l.elf

/tmp/bin.armv7l.elf
/tmp/bin.armv7l.elf
1⤵
- Modifies Watchdog functionality
- Reads runtime system information
PID:711

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads