fc03a4fb38ed1ef9da5812a2243a65975d2fdeb6d555a9d59c839359fa79722b

Analysis

max time kernel
0s
max time network
2s
platform
debian-9_armhf
resource
debian9-armhf-20240729-en
resource tags

arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
13-12-2024 09:19

Sharing

Copy URL

Twitter E-mail

Reason

Reading agent response: unexpected EOF

Report Analysis Logs

General

Target

byte.arm7.elf
Size

174KB
MD5

19547bbc78e371f9cc8720cd4507b8cd
SHA1

dd89d08565c3bfb4b0f7035138f0041dcf674b76
SHA256

fc03a4fb38ed1ef9da5812a2243a65975d2fdeb6d555a9d59c839359fa79722b
SHA512

a81cb1aafef9ecd3fd1427004276b251af45e04c90d691198b7ca56d63fa109575d785b7c09c4f07dccafc2c7aa3a49f559474f55893b8ac6718a0a25e22b068
SSDEEP

3072:hPaJa2+7oLmpMguHcUZVUHalw7W4uH0fsfCikyAaTpUnu1A6YVZP6QEt+q4eMXCD:hPaJaL7oLmpMguHcUZVUHalw7W4uH0fg

Score

7^/10

defense_evasion

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	byte.arm7.elf
File opened for modification	/dev/misc/watchdog	byte.arm7.elf

/tmp/byte.arm7.elf
/tmp/byte.arm7.elf
1⤵
- Modifies Watchdog functionality
PID:671

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads