Analysis
- max time kernel: 150s
- max time network: 159s
- platform: debian-12_armhf
- resource: debian12-armhf-20240221-en
- resource tags: arch:armhf, image:debian12-armhf-20240221-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
- submitted: 19-12-2024 03:35
Behavioral task
- task: behavioral1
- sample: a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
- resource: debian12-armhf-20240221-en
- platform: debian-12-armhf
- signatures: 5
- duration: 150 seconds
General
- Target: a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
- Size: 45KB
- MD5: e23afc1c0d72fd41a5496599eb302310
- SHA1: 39b1a28969302e34bf62a1f40f23e8d2afd3f080
- SHA256: a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359
- SHA512: 797ad56a159ee67e599d9967caf26555ef19424e56fdeda012a1e82df4b26d91d92647d8459967a54d3b6c561a4ccd3bd085657854eaa10ab01e95b12e57bcad
- SSDEEP: 768:D/TYCoIxdEk+AxoTZAZHFeq8b3Vm89q3UELbUXfi6nVMQHI4vcGpvJ:DECFd+A6YHAxsFLRQZJ
- Score: 10/10
Malware Config
- Extracted
- Family: mirai
- Botnet: LZRD
Signatures
- Mirai family
- Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
description | ioc | Process
File opened for modification | /dev/misc/watchdog | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
File opened for modification | /dev/watchdog | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
- Writes file to system bin folder (2 IoCs)
description | ioc | Process
File opened for modification | /sbin/watchdog | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
File opened for modification | /bin/watchdog | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
- (signature name not present in the extracted page)
description | ioc | Process
File opened for reading | /proc/678/cmdline | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
File opened for reading | /proc/707/cmdline | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
File opened for reading | /proc/629/cmdline | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
File opened for reading | /proc/631/cmdline | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
File opened for reading | /proc/647/cmdline | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
File opened for reading | /proc/648/cmdline | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
File opened for reading | /proc/663/cmdline | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
File opened for reading | /proc/724/cmdline | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
File opened for reading | /proc/self/exe | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
File opened for reading | /proc/665/cmdline | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
File opened for reading | /proc/699/cmdline | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
File opened for reading | /proc/706/cmdline | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf
File opened for reading | /proc/714/cmdline | a5a6e6ed77ed9a1faae5e1ddb5a55ceea6cf99f255720f7b159b646fe0032359.elf