Analysis

  • max time kernel
    135s
  • max time network
    150s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    09-11-2024 04:02

General

  • Target

    f1aa8dc8f3985ea6bc7535424addcd5c004f6d64949a2b92a229ae785a88587a.elf

  • Size

    60KB

  • MD5

    bc240f3d7ce7eb0db9af1cf9e5520203

  • SHA1

    0ca1b1926293412e9c637760670d2a61d7d53143

  • SHA256

    f1aa8dc8f3985ea6bc7535424addcd5c004f6d64949a2b92a229ae785a88587a

  • SHA512

    dca89d8d6a6b700194926d211f01f194404209bfe69b90f733b83c2958b35a37ec15e84500878467a525042d26a3a00784956d7f7b191217e5e42ff0efc92758

  • SSDEEP

    1536:F7XduYshWhq/HIEy6Og3Nwz9hAyYLSM5Tfv83KJGTb6R4h:BdpssMPR9w4yYLXTX83K0Tb6RC

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 2 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/f1aa8dc8f3985ea6bc7535424addcd5c004f6d64949a2b92a229ae785a88587a.elf
    /tmp/f1aa8dc8f3985ea6bc7535424addcd5c004f6d64949a2b92a229ae785a88587a.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:650

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/650-1-0x00008000-0x000236c8-memory.dmp