3a3417ada962d7e97f9d95904437145c304bb2d9198c3965561a41593afdb8a8

Analysis

max time kernel
146s
max time network
150s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
07-12-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a3417ada962d7e97f9d95904437145c304bb2d9198c3965561a41593afdb8a8.elf
Size

117KB
MD5

2e41dcc24f803583b3edd434f54cd318
SHA1

9c07b5d98a600647a60b3f7ab9546fa023276882
SHA256

3a3417ada962d7e97f9d95904437145c304bb2d9198c3965561a41593afdb8a8
SHA512

3aedb8bae0239cb6c15f0bf15729c669e328cac06f07569a01dff395fd46a0a67f50d7498d8af45c89d6d433c76ac17b013e2733eda77a8583073ec06da380a2
SSDEEP

3072:hQrFRNfuLrGhEPOD0+g3gNlmBoHQuQekQnYW:IFzuaEGQ+g3CmBoHQuQekQnYW

Score

7^/10

defense_evasion

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	3a3417ada962d7e97f9d95904437145c304bb2d9198c3965561a41593afdb8a8.elf
File opened for modification	/dev/misc/watchdog	3a3417ada962d7e97f9d95904437145c304bb2d9198c3965561a41593afdb8a8.elf

Changes its process name 1 IoCs

description	pid	Process
Changes the process name, possibly in an attempt to hide itself	667	3a3417ada962d7e97f9d95904437145c304bb2d9198c3965561a41593afdb8a8.elf

/tmp/3a3417ada962d7e97f9d95904437145c304bb2d9198c3965561a41593afdb8a8.elf
/tmp/3a3417ada962d7e97f9d95904437145c304bb2d9198c3965561a41593afdb8a8.elf
1⤵
- Modifies Watchdog functionality
- Changes its process name
PID:667

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads