Analysis

  • max time kernel
    148s
  • max time network
    34s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    09-11-2024 04:05

General

  • Target

    fc4933008b0b05d319c768deb7d3e21cc2a563285c57b4677a5b5fc740f29f1c.elf

  • Size

    45KB

  • MD5

    f3a56db1706e690b850f58d055fb90ac

  • SHA1

    54616d25ab81722602ff0bdee425d6578ad67957

  • SHA256

    fc4933008b0b05d319c768deb7d3e21cc2a563285c57b4677a5b5fc740f29f1c

  • SHA512

    26a9522cd413fa9316fa1d910ea775dc61ff0de3262a89cca9928e424fdc49e09217ffde644e46a57dec252032da72ffd97e9f02781361a074d6bd02a4423f1a

  • SSDEEP

    768:D/TYCoIxdEk+AxoTZAZHFeq8b3Lo9q3UELbUXfi6nVMQHI4vcGpvw:DECFd+A6YHAxVLRQZw

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 2 IoCs
  • Reads runtime system information 33 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/fc4933008b0b05d319c768deb7d3e21cc2a563285c57b4677a5b5fc740f29f1c.elf
    /tmp/fc4933008b0b05d319c768deb7d3e21cc2a563285c57b4677a5b5fc740f29f1c.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:642

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/642-1-0x00008000-0x00026464-memory.dmp