Overview

overview

10

Static

static

7

SecuriteIn...17.elf

debian-9-armhf

10

Analysis

  • max time kernel
    149s
  • max time network
    6s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    14/09/2024, 08:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Linux.Siggen.9999.13676.18917.elf

  • Size

    45KB

  • MD5

    c84f29f2ab0d87cfea2a1a4251a8bea2

  • SHA1

    7afde7b9df77980acca2c40c6b66ab58e6c28c43

  • SHA256

    92191bb67c7de30dca8b11e062c204e9f43febce6207975f29e350a84628023d

  • SHA512

    f38ab551ece96190809ec70738a8534fc1526da54f5a30aa308902a17a018990a712550c3660cea6c9bf1f01d6e86dbf458af6509d5248b419ee3fb3c540f0a5

  • SSDEEP

    768:a0jrKT5w3HH/ifbJfkzt1v9tJJ5tp31zOAv9q3UELeNvu2M8CEv8JB505qTUbW/E:a0jrS5wP+N8Pv9tJtOAeLovu2M9Dn5sF

Score
10/10
mirailzrdbotnetdefense_evasiondiscovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 2 IoCs
  • Reads runtime system information 32 IoCs

    Reads data from /proc virtual filesystem.

    discovery

Processes

  • /tmp/SecuriteInfo.com.Linux.Siggen.9999.13676.18917.elf
    /tmp/SecuriteInfo.com.Linux.Siggen.9999.13676.18917.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:639

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads