Analysis

  • max time kernel
    149s
  • max time network
    4s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    09-11-2024 04:07

General

  • Target

    fef5559fe3a9e12f46093d294db90d5feb10981f158ffa3569c7558629049668.elf

  • Size

    21KB

  • MD5

    ac9ed1f09a0dd9f2c77b863ab4e1a936

  • SHA1

    6c1c832f9516d7c09ffaca8fead42d3342e11a19

  • SHA256

    fef5559fe3a9e12f46093d294db90d5feb10981f158ffa3569c7558629049668

  • SHA512

    4e1370f62d596d790dbd1ef5c1ed01c91da0e1f89da868828bb1f58a72b8e442343f58ee719eba8a5c26058ca3c6e9ad76f26bf991f51a154af0ee1d38d9f4d1

  • SSDEEP

    384:vvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjXhymdGUop5hR:vvQn4j+ZO5fKAlxTs3Uozj

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 2 IoCs
  • Reads runtime system information 32 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/fef5559fe3a9e12f46093d294db90d5feb10981f158ffa3569c7558629049668.elf
    /tmp/fef5559fe3a9e12f46093d294db90d5feb10981f158ffa3569c7558629049668.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/656-1-0x00008000-0x0001dca4-memory.dmp