57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a

Analysis

max time kernel
123s
max time network
167s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
18-10-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf
Size

135KB
MD5

61e50ebda8d1ecb196da9cd28e768f12
SHA1

6a439043d1d79d6941b612bb2c494763fc1380ba
SHA256

57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a
SHA512

fd880429d24191add20b082e9775b4bf0af8253ca4545bdffa784f197e78c5d8b4d72e5870904f71412f4772dd1d2057515cbd252e0eb726e1c166718fb6be64
SSDEEP

3072:6ql/0Y5lBv69HsWF5ewSFplGkMIRIy8ImTQNIQXc7H:aWvcMtXplGkRRIy8ImTQNIGc7H

Score

7^/10

defense_evasion

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

Processes:

57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf

description	ioc	process
File opened for modification	/dev/watchdog	57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf
File opened for modification	/dev/misc/watchdog	57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf

Changes its process name 1 IoCs

Processes:

57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf

description	pid	process
Changes the process name, possibly in an attempt to hide itself	656	57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf

/tmp/57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf
/tmp/57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf
1⤵
- Modifies Watchdog functionality
- Changes its process name
PID:656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads