Analysis

  • max time kernel
    135s
  • max time network
    147s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240729-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
  • submitted
    13/10/2024, 19:47

General

  • Target

    bc65b67b9d7b698cc14e918d061cc75f.elf

  • Size

    36KB

  • MD5

    bc65b67b9d7b698cc14e918d061cc75f

  • SHA1

    0e5708a090c4ff4c0ca14d8f5814956e48ca1681

  • SHA256

    62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e

  • SHA512

    0b83139cef0eada4054aaa9da6ece36d4906cd1508c1abf1103b5aa1b56abcc6a36ffbdd7ccbdc96161851a278913aaf87780842d882e974f9c4729cb4e86480

  • SSDEEP

    768:P+4qtvWUAASjjLMGz7/tjBQd4Mt8nEPH3GgurEF4lZWx0M:29tvWrASjjL17/9BODtoPgumV

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 2 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf
    /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:1565

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads