Analysis

  • max time kernel
    135s
  • max time network
    147s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    14/10/2024, 02:04

General

  • Target

    e094fa55e07372a8937b51387f98b3a995980d4727a78480203ed31f783d1cf4.elf

  • Size

    43KB

  • MD5

    3cd0d2b3c9359e95d6522fb18508ec5f

  • SHA1

    f28ee5961f157611852e1f58f199256a1ac08e97

  • SHA256

    e094fa55e07372a8937b51387f98b3a995980d4727a78480203ed31f783d1cf4

  • SHA512

    8f9a0edc316c8820ead01be527f8910d9b3546eb1331ca323455e49734ff05ea9994f3912effd7e2a31cb89670191624e8928bc4ffbe3bdd196cab062b493741

  • SSDEEP

    768:oBZOKj8x/QSQ3y/4qFTOdeoJWBhdYnjWcBWDW4s5GyZDa6XXzeYUO9q3UELA:gXwQSYPqFHI8rOjBn4+9DXzetLA

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 2 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/e094fa55e07372a8937b51387f98b3a995980d4727a78480203ed31f783d1cf4.elf
    /tmp/e094fa55e07372a8937b51387f98b3a995980d4727a78480203ed31f783d1cf4.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:647

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads