0c6ade258e6c07b31b300ef0bf9752354ce8252e875c487f0420a758e85ad6e3

Analysis

max time kernel
149s
max time network
150s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
12-11-2024 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

meerkat.arm7.elf
Size

163KB
MD5

fee06c31fd25bdfd971c5a35c31ac4b5
SHA1

2abdba915d86cc16754360b9d4536fed1bd1236c
SHA256

0c6ade258e6c07b31b300ef0bf9752354ce8252e875c487f0420a758e85ad6e3
SHA512

58c51a8a8e402427e4c92a68b60fd1b1e76558ca9f0b75d5bde2eef4dbb5d1abae06ef0caa75094de9ef935a49194f8d0ad082cd3026002a7ad8fa92877460b4
SSDEEP

3072:sYReNV2Bsb5s3fa8vM1a+vyJ+Lfnzjsp+T4CUM/9MoDhkilJM:sY0NEC2fa8vM1a+m+/4p+TuM/9XDzJM

Score

9^/10

defense_evasion discovery

Malware Config

Signatures

Contacts a large (23505) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

Processes:

meerkat.arm7.elf

description	ioc	Process
File opened for modification	/dev/watchdog	meerkat.arm7.elf
File opened for modification	/dev/misc/watchdog	meerkat.arm7.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 31 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

meerkat.arm7.elf

description	ioc	Process
File opened for reading	/proc/782/smaps	meerkat.arm7.elf
File opened for reading	/proc/784/smaps	meerkat.arm7.elf
File opened for reading	/proc/776/smaps	meerkat.arm7.elf
File opened for reading	/proc/715/smaps	meerkat.arm7.elf
File opened for reading	/proc/757/smaps	meerkat.arm7.elf
File opened for reading	/proc/764/smaps	meerkat.arm7.elf
File opened for reading	/proc/779/smaps	meerkat.arm7.elf
File opened for reading	/proc/647/smaps	meerkat.arm7.elf
File opened for reading	/proc/774/smaps	meerkat.arm7.elf
File opened for reading	/proc/778/smaps	meerkat.arm7.elf
File opened for reading	/proc/780/smaps	meerkat.arm7.elf
File opened for reading	/proc/645/smaps	meerkat.arm7.elf
File opened for reading	/proc/602/smaps	meerkat.arm7.elf
File opened for reading	/proc/603/smaps	meerkat.arm7.elf
File opened for reading	/proc/759/smaps	meerkat.arm7.elf
File opened for reading	/proc/766/smaps	meerkat.arm7.elf
File opened for reading	/proc/770/smaps	meerkat.arm7.elf
File opened for reading	/proc/600/smaps	meerkat.arm7.elf
File opened for reading	/proc/651/smaps	meerkat.arm7.elf
File opened for reading	/proc/650/smaps	meerkat.arm7.elf
File opened for reading	/proc/711/smaps	meerkat.arm7.elf
File opened for reading	/proc/723/smaps	meerkat.arm7.elf
File opened for reading	/proc/758/smaps	meerkat.arm7.elf
File opened for reading	/proc/768/smaps	meerkat.arm7.elf
File opened for reading	/proc/595/smaps	meerkat.arm7.elf
File opened for reading	/proc/659/smaps	meerkat.arm7.elf
File opened for reading	/proc/582/smaps	meerkat.arm7.elf
File opened for reading	/proc/646/smaps	meerkat.arm7.elf
File opened for reading	/proc/680/smaps	meerkat.arm7.elf
File opened for reading	/proc/772/smaps	meerkat.arm7.elf
File opened for reading	/proc/640/smaps	meerkat.arm7.elf

/tmp/meerkat.arm7.elf
/tmp/meerkat.arm7.elf
1⤵
- Modifies Watchdog functionality
- Reads runtime system information
PID:648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads