Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240418-en
  • resource tags
    arch:armhf, image:debian9-armhf-20240418-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    12-11-2024 02:27

General

  • Target

    66c8a4f5d7545e468edfe848609a9a2fd8e7aeb7a85f3fdda70674034b13eb68.elf

  • Size

    130KB

  • MD5

    c64270111458e29ab78e09aedd5e7806

  • SHA1

    ecc060d80168b1523603706ec1cff03d084d6639

  • SHA256

    66c8a4f5d7545e468edfe848609a9a2fd8e7aeb7a85f3fdda70674034b13eb68

  • SHA512

    014ff2e0c8e40e3552a6fac1610a2a2e19c1ef68ccb0b980dedf4106fbc1277e5dfbfd23b6995aa5c6704035998c06454c3990b8e3c518b0ae51d9def39015cc

  • SSDEEP

    3072:exAlz/Ae377xw4Fw1+eRYTEhrdFxfdgDM/9KOkGU:E0jAeL7JFw1+eKQhpfd4M/9KhGU

Malware Config

Signatures

  • Modifies Watchdog functionality (1 TTP, 2 IoCs)

    Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory (1 TTP, 30 IoCs)

    Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

  • Changes its process name (1 IoC)

Processes

  • /tmp/66c8a4f5d7545e468edfe848609a9a2fd8e7aeb7a85f3fdda70674034b13eb68.elf
    PID: 638
    • Modifies Watchdog functionality
    • Reads process memory
    • Changes its process name

Network

MITRE ATT&CK Enterprise v15
