Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240729-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    12-11-2024 03:04

General

  • Target

    df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf

  • Size

    78KB

  • MD5

    3a93a22ca7af128a7068b81f971d56d8

  • SHA1

    8a73f9740e7fa24edbe597c9f0b0c8e9adf577e6

  • SHA256

    df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5

  • SHA512

    ae2a79f7d518db1f88a7e7e8964c0de3667866cfbe70906dd628ac055adea1c9069a2d42b1005b98cd057565d405b3df5dc43c61eac3e93a33797900e7ee9ffc

  • SSDEEP

    1536:N0Y9JXX1nJvpxyHJtOJHn8VQ9hWOUEXvVWf6a/x72rpnYBu:mGJtJvbyDOJ1UEfYf66KdYBu

Malware Config

Signatures

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads process memory 1 TTPs 16 IoCs

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

  • Changes its process name 1 IoCs

Processes

  • /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf
    /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf
    1⤵
    • Modifies Watchdog functionality
    • Reads process memory
    • Changes its process name
    PID:714

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads