Analysis
-
max time kernel
137s -
max time network
154s -
platform
debian-12_armhf -
resource
debian12-armhf-20240221-en -
resource tags
arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem -
submitted
02/12/2024, 19:02
Behavioral task
behavioral1
Sample
ub8ehJSePAfc9FYqZIT6.arm6.elf
Resource
debian12-armhf-20240221-en
debian-12-armhf
6 signatures
150 seconds
General
-
Target
ub8ehJSePAfc9FYqZIT6.arm6.elf
-
Size
43KB
-
MD5
e0a3908895c93452cc578571a518a78d
-
SHA1
782bfef6f4e2af5c61d70936a4d2546400614b08
-
SHA256
8815c224d2e4d5b8f00c1e1909565e7571477a1af936a783d6cb7b23a90509dd
-
SHA512
597c842d99d80b0debe91da507d748e537cf083a41674118ff779e7e684f85db12996e37e13c65c0e456f1b2b90c6d2717f281038a0a79171c05676c5a671ef5
-
SSDEEP
768:3wZyKJoofyfTtMLfclRAAO+jVbumZnLM3XgcTaWS5HOFk7SG9q3UEL2:UbjjOAgfnLGRMOSSrL2
Score
10/10
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Mirai family
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc Process File opened for modification /dev/watchdog ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for modification /dev/misc/watchdog ub8ehJSePAfc9FYqZIT6.arm6.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder 2 IoCs
description ioc Process File opened for modification /sbin/watchdog ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for modification /bin/watchdog ub8ehJSePAfc9FYqZIT6.arm6.elf -
description ioc Process File opened for reading /proc/29/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/33/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/52/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/38/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/46/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/253/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/344/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/592/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/2/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/16/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/58/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/341/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/599/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/696/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/704/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/3/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/14/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/43/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/143/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/317/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/25/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/30/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/318/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/679/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/702/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/28/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/354/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/self/exe ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/1/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/5/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/9/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/12/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/35/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/74/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/665/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/19/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/21/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/23/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/24/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/34/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/680/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/18/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/343/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/15/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/188/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/207/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/212/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/453/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/20/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/323/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/708/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/144/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/309/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/703/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/10/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/11/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/13/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/26/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/57/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/7/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/22/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/36/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/47/status ub8ehJSePAfc9FYqZIT6.arm6.elf File opened for reading /proc/6/status ub8ehJSePAfc9FYqZIT6.arm6.elf