Analysis

  • max time kernel
    136s
  • max time network
    155s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
  • submitted
    13/10/2024, 19:47

General

  • Target

    3cd0d2b3c9359e95d6522fb18508ec5f.elf

  • Size

    43KB

  • MD5

    3cd0d2b3c9359e95d6522fb18508ec5f

  • SHA1

    f28ee5961f157611852e1f58f199256a1ac08e97

  • SHA256

    e094fa55e07372a8937b51387f98b3a995980d4727a78480203ed31f783d1cf4

  • SHA512

    8f9a0edc316c8820ead01be527f8910d9b3546eb1331ca323455e49734ff05ea9994f3912effd7e2a31cb89670191624e8928bc4ffbe3bdd196cab062b493741

  • SSDEEP

    768:oBZOKj8x/QSQ3y/4qFTOdeoJWBhdYnjWcBWDW4s5GyZDa6XXzeYUO9q3UELA:gXwQSYPqFHI8rOjBn4+9DXzetLA

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 2 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/3cd0d2b3c9359e95d6522fb18508ec5f.elf
    /tmp/3cd0d2b3c9359e95d6522fb18508ec5f.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:703

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads