9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5

Analysis

max time kernel
149s
max time network
150s
platform
debian-9_mipsel
resource
debian9-mipsel-20240729-en
resource tags

arch:mipselimage:debian9-mipsel-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
20-11-2024 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
Size

61KB
MD5

84a335de90db4b64f9c844f8e8edf063
SHA1

223afeab3f986f7e315b9ace5cc6cea572bee6c4
SHA256

9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
SHA512

37b0066f20f8c3e07727bac115b8634b4a92f9318e3233485e918a0a1e538462ae496bc23c2ba90d5000d50e64622c5e97a5a5c1de59c1dea159ae1b493f51d1
SSDEEP

768:yrzc1ET3w+PSZtIPXxKhDN2XOZPlWXrn5uOeEeJmegepslLqAEnWXi+o2Snpp79:yv0ET4ZtIXxK1N2Znt9Mmbey8WSb

Score

7^/10

credential_access defense_evasion

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

Processes:

9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5

description	ioc	process
File opened for modification	/dev/watchdog	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for modification	/dev/misc/watchdog	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5

Reads process memory 1 TTPs 16 IoCs

Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

credential_access

Proc Filesystem

T1003.007

Processes:

9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5

description	ioc	process
File opened for reading	/proc/731/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/451/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/689/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/738/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/750/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/732/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/744/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/746/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/767/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/685/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/688/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/736/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/737/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/742/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/682/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
File opened for reading	/proc/717/maps	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5

Changes its process name 1 IoCs

Processes:

9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a	740	9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5

/tmp/9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
/tmp/9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
1⤵
- Modifies Watchdog functionality
- Reads process memory
- Changes its process name
PID:740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

OS Credential Dumping

T1003

Proc Filesystem

T1003.007

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads