Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240729-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    12-11-2024 03:01

General

  • Target

    d683ac0fa9513e0a7f14ef083e3c49a7816f1cfd5ad61919dc37f7e45d57c866.elf

  • Size

    58KB

  • MD5

    15002dd354fe9805a35c818e599cd195

  • SHA1

    87ecc7e747938a21b6d97a8bbbe0929ae1fe1ebd

  • SHA256

    d683ac0fa9513e0a7f14ef083e3c49a7816f1cfd5ad61919dc37f7e45d57c866

  • SHA512

    68dfc26bab44c722982c39db51604bda04972f64a3ebac4ed29ec4da20c9ad265c2e7c62d26dd64cc67b115f4b9bc9d9cdf0743d36e74294510579596b3803f4

  • SSDEEP

    768:ds+Vmz0XyboxDHdYGCyvMEcqXrgT8Rv7EolgG18HBTPOlRwoCK/1DLBNOoFYYauT:6+kICwDyGjrgclPYBjOlRrzFyM

Malware Config

Signatures

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory 1 TTPs 31 IoCs

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

  • Changes its process name 1 IoCs

Processes

  • /tmp/d683ac0fa9513e0a7f14ef083e3c49a7816f1cfd5ad61919dc37f7e45d57c866.elf
    /tmp/d683ac0fa9513e0a7f14ef083e3c49a7816f1cfd5ad61919dc37f7e45d57c866.elf
    1
    • Modifies Watchdog functionality
    • Reads process memory
    • Changes its process name
    PID:646

Network

MITRE ATT&CK Enterprise v15
