Analysis

  • max time kernel
    137s
  • max time network
    138s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
  • submitted
    09-11-2024 09:13

General

  • Target

    62e0ec59f989335be5fbf630a49da4ea.elf

  • Size

    36KB

  • MD5

    62e0ec59f989335be5fbf630a49da4ea

  • SHA1

    43bdde1afd1089008539973b08e35dd66fb7451a

  • SHA256

    c3ae1058890bf151d5d464a608b68e2c377d4d31043e3883efb0d8a20685ab15

  • SHA512

    ee8c5e36a0abc86c042630fcbd03f96459fe77cd8683498b77121c1a11befe59f72e3363989265317109f77df2d3c8633ccabc7e91581e3bdc363f29b8173b95

  • SSDEEP

    768:WwS0nQr9tpJEu0annIBqVqVHmwIHWUFtGtzXKTr+PUx0nZV:JOX80VqVi2otGtzXpcMZV

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 2 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/62e0ec59f989335be5fbf630a49da4ea.elf
    /tmp/62e0ec59f989335be5fbf630a49da4ea.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:1560

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1560-1-0x0000000000400000-0x00000000005156e8-memory.dmp