ce3fcb923990e59f2bcee0f811a868fa7a0abf2a461b54974977d1db6e940aee

Analysis

max time kernel
135s
max time network
137s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
29/10/2024, 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zmap.arm.elf
Size

74KB
MD5

823958d1dbb59368ec9cb465345ede82
SHA1

4246851d3b9f1b59c45e2069fc1e204fa2937fc6
SHA256

ce3fcb923990e59f2bcee0f811a868fa7a0abf2a461b54974977d1db6e940aee
SHA512

2598ed24790e8e29fe7e54c8b06c65bc58a55348a0eb20359d6b25eeee0d5565b5746915c6f07f6149f8c0fa8ffac3a060bb7b794d36dbfeaeb40f8aebe4803d
SSDEEP

1536:+jdTb69MAWg92P72qa9H4S5wPX6WZeqLeBZebFvTsA:+jd14H4QWZetb0Ts

Score

7^/10

defense_evasion

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
644	zmap.arm.elf

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	zmap.arm.elf
File opened for modification	/dev/misc/watchdog	zmap.arm.elf

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/bin/watchdog	zmap.arm.elf
File opened for modification	/sbin/watchdog	zmap.arm.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	mrk4kcrka1auv03a	644	zmap.arm.elf

/tmp/zmap.arm.elf
/tmp/zmap.arm.elf
1⤵
- Deletes itself
- Modifies Watchdog functionality
- Writes file to system bin folder
- Changes its process name
PID:644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads