Analysis

  • max time kernel
    135s
  • max time network
    147s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    09-11-2024 03:29

General

  • Target

    b6e0e56d091ac5bfff698216e96523627eefb1a16850455593b9f23002c11d2b.elf

  • Size

    35KB

  • MD5

    c3983be3cbc123cac5b6c45195578de7

  • SHA1

    1ab14fe1df1aca80908a67c955cc7e86783059dd

  • SHA256

    b6e0e56d091ac5bfff698216e96523627eefb1a16850455593b9f23002c11d2b

  • SHA512

    491ea904ed5ddf37febd76b0dfde15bd5e56f79f22e752988e20ccfd052dae312946543a27545429f582125a55d0df680e953c97c8c3dde0ed46517c9145e57a

  • SSDEEP

    768:prFs5me135wp1C+s9vbM5YNMygu+OR1juP3ACqtqNLIzLtZ6GNipmWs3Uoz7:p/eRSnQjMgVuP7qtqxgtASipm7z7

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 2 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/b6e0e56d091ac5bfff698216e96523627eefb1a16850455593b9f23002c11d2b.elf
    /tmp/b6e0e56d091ac5bfff698216e96523627eefb1a16850455593b9f23002c11d2b.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:645

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/645-1-0x00008000-0x00025990-memory.dmp