Analysis
-
max time kernel
123s -
max time network
167s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system -
submitted
18-10-2024 01:45
Behavioral task
behavioral1
Sample
57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf
Resource
debian9-armhf-20240611-en
debian-9-armhf
2 signatures
150 seconds
General
-
Target
57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf
-
Size
135KB
-
MD5
61e50ebda8d1ecb196da9cd28e768f12
-
SHA1
6a439043d1d79d6941b612bb2c494763fc1380ba
-
SHA256
57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a
-
SHA512
fd880429d24191add20b082e9775b4bf0af8253ca4545bdffa784f197e78c5d8b4d72e5870904f71412f4772dd1d2057515cbd252e0eb726e1c166718fb6be64
-
SSDEEP
3072:6ql/0Y5lBv69HsWF5ewSFplGkMIRIy8ImTQNIQXc7H:aWvcMtXplGkRRIy8ImTQNIGc7H
Score
7/10
Malware Config
Signatures
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf
description | ioc | process
File opened for modification | /dev/watchdog | 57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf
File opened for modification | /dev/misc/watchdog | 57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf
-
Changes its process name 1 IoCs
Processes:
57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf
description | pid | process
Changes the process name, possibly in an attempt to hide itself | 656 | 57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf