Analysis
max time kernel: 132s
max time network: 161s
platform: debian-9_armhf
resource: debian9-armhf-20240611-en
resource tags: arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted: 05/12/2024, 01:58
Behavioral task: behavioral1
Sample: 1f88fcb9fb20bad5090e994dce0ace01ad642352774190dc6d8cc96cf0dd0960.elf
Resource: debian9-armhf-20240611-en
General
Target: 1f88fcb9fb20bad5090e994dce0ace01ad642352774190dc6d8cc96cf0dd0960.elf
Size: 29KB
MD5: fc06a992091f3225a9c0d76a173e1474
SHA1: aaea0556b71f3449693b50b45e4316945b2f9e61
SHA256: 1f88fcb9fb20bad5090e994dce0ace01ad642352774190dc6d8cc96cf0dd0960
SHA512: a0aaca09ec057876cd8599935cd5dc7170a7702b2fb9baa31ae8713680cfe08fe9285e40a08dc4ddbba9ca8566acc8ff89a75937b52e2adcfa56a07465fae14a
SSDEEP: 768:wA4uBc0T/nVvqV072G+IFYoXHZCx3Gbpws3Uozp:wPuB7/nVMYn+Kf5VDzp
Malware Config
Extracted
mirai
LZRD
Signatures
- Mirai family
- Contacts a large (19934) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description | ioc | Process
  File opened for modification | /dev/watchdog | 1f88fcb9fb20bad5090e994dce0ace01ad642352774190dc6d8cc96cf0dd0960.elf
  File opened for modification | /dev/misc/watchdog | 1f88fcb9fb20bad5090e994dce0ace01ad642352774190dc6d8cc96cf0dd0960.elf
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from the /proc virtual filesystem.
  description | ioc | Process
  File opened for reading | /proc/net/tcp | 1f88fcb9fb20bad5090e994dce0ace01ad642352774190dc6d8cc96cf0dd0960.elf
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of the /proc filesystem to enumerate network settings.
  description | ioc | Process
  File opened for reading | /proc/net/tcp | 1f88fcb9fb20bad5090e994dce0ace01ad642352774190dc6d8cc96cf0dd0960.elf