404a440d37442075abf73182bb8e824832d8376523c9afa6f287ab13b592fbb4

Analysis

max time kernel
0s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
21-11-2024 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

404a440d37442075abf73182bb8e824832d8376523c9afa6f287ab13b592fbb4.elf
Size

137KB
MD5

b7676c3e8f1dbe7249a1e0c7b79bec39
SHA1

ea2f2a2dab923a30ab7ef68b39751ebc2963316f
SHA256

404a440d37442075abf73182bb8e824832d8376523c9afa6f287ab13b592fbb4
SHA512

fa3af98c7cae7cd4e56ce23bbac8e85102e659d724646af5d8537e92ddff65fdeb331d3087c6cf44dc0706a0306ee8aebd228ea1568dd03f844cb43204aa172f
SSDEEP

3072:xBo21bO07596MDqVXCAI6XChf3YSFOqU0ObRwYDM/94vZPI:xBo21bO075i86XChfoqOuObRTDM/94v6

Score

7^/10

defense_evasion

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

Processes:

404a440d37442075abf73182bb8e824832d8376523c9afa6f287ab13b592fbb4.elf

description	ioc	process
File opened for modification	/dev/watchdog	404a440d37442075abf73182bb8e824832d8376523c9afa6f287ab13b592fbb4.elf
File opened for modification	/dev/misc/watchdog	404a440d37442075abf73182bb8e824832d8376523c9afa6f287ab13b592fbb4.elf

Changes its process name 1 IoCs

Processes:

404a440d37442075abf73182bb8e824832d8376523c9afa6f287ab13b592fbb4.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	/var/Sofia	648	404a440d37442075abf73182bb8e824832d8376523c9afa6f287ab13b592fbb4.elf

/tmp/404a440d37442075abf73182bb8e824832d8376523c9afa6f287ab13b592fbb4.elf
/tmp/404a440d37442075abf73182bb8e824832d8376523c9afa6f287ab13b592fbb4.elf
1⤵
- Modifies Watchdog functionality
- Changes its process name
PID:648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads