Analysis

  • max time kernel
    135s
  • max time network
    147s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240729-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    09-11-2024 03:18

General

  • Target

    a1304e2ecf4d039fc2a225c9b45d904621f447008c9c49bcb8ca1e56b285bb47.elf

  • Size

    43KB

  • MD5

    85cab25fb6f5479776f5cfce63bd6c18

  • SHA1

    945b36a23744bb2ebb2f6200e8c4e09bdf8d03d1

  • SHA256

    a1304e2ecf4d039fc2a225c9b45d904621f447008c9c49bcb8ca1e56b285bb47

  • SHA512

    184851cdf1c6ba5edcb728a0c8c22c3f19b391457a1f7f48c76fd68b9214fe17a92f50da8481c43202ec00d5ce07362a7177e9191f08333a47f44349d4db6cd4

  • SSDEEP

    768:57ph1LjFGpx652lJXasyEk6JGbr6MWiNIx8FkIH5JgGlzDpbuR1JXJ:5zA65yk6JGbrbNwQJHrVJu7

Malware Config

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 2 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/a1304e2ecf4d039fc2a225c9b45d904621f447008c9c49bcb8ca1e56b285bb47.elf
    /tmp/a1304e2ecf4d039fc2a225c9b45d904621f447008c9c49bcb8ca1e56b285bb47.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:718

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/718-1-0x00400000-0x0043cffc-memory.dmp