Analysis
- max time kernel: 150s
- max time network: 153s
- platform: debian-9_mips
- resource: debian9-mipsbe-20240611-en
- resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 15-11-2024 02:07
Behavioral task: behavioral1
- Sample: xd.mips.elf
- Resource: debian9-mipsbe-20240611-en
General
- Target: xd.mips.elf
- Size: 36KB
- MD5: 9296278248405f60ada64caca1ca95fa
- SHA1: 9188640941dd539dbf33425d5bf41428aa2e414f
- SHA256: 0ac04010c8734fe5478b19f7d22d9b52c29b3f6872f7683cf42de24e94f42639
- SHA512: b3437a16b7698ef2d6f9e4d12dde3bbb7b0f19da211625b30c0d4e68b8938f044a18955757185e26ef2b600ee68c77eb3cd7229be0a4535f5f51f052fdfaddae
- SSDEEP: 768:M0sYkr9Ov0DCe18ayBA0kVaZLY8vzZJJxJgGlzDpbuR1JK:o9Y0V18a08Oz1VJuI
Malware Config
- Extracted: mirai
- LZRD
Signatures
- Mirai family
- Contacts a large (20453) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTP, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description                   ioc                  Process
  File opened for modification  /dev/watchdog        xd.mips.elf
  File opened for modification  /dev/misc/watchdog   xd.mips.elf
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads process memory (1 TTP, 64 IoCs)
  Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
- System Network Configuration Discovery (1 TTP, 1 IoC)
  Adversaries may gather information about the network configuration of a system.
  pid   Process
  700   xd.mips.elf