Analysis
Max time kernel: 131s
Max time network: 146s
Platform: debian-9_mipsel
Resource: debian9-mipsel-20240611-en
Resource tags: arch:mipsel, image:debian9-mipsel-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
Submitted: 23-12-2024 02:22
Behavioral task: behavioral1
Sample: ub8ehJSePAfc9FYqZIT6.mpsl.elf
Resource: debian9-mipsel-20240611-en (debian-9-mipsel)
Result: 6 signatures, 150 seconds
General
Target: ub8ehJSePAfc9FYqZIT6.mpsl.elf
Size: 43KB
MD5: 37ccb9c48c119a0aa006eefd191d004e
SHA1: 532e677b74052573773cb028cb0f534a311719b7
SHA256: 2180518456e17aadf43aae367057c8aa101839b81aa5fee6915b0f5898fecf8b
SHA512: 9a4c46b87d1dd1c07aa6f3995836ee133ce237f6aa849e8e772589b7d92dbc9b738976af6f292b2e5b63a92d98c885c2a6bf1992ed6a77809e39360653aa19bc
SSDEEP: 768:PXDzmAafwB5kfY+r39Frew/RBek/VRW6cLJ7xzrUWlTaQ9g6yuy7QOxyfHSm8Evn:/DtMwEzaWRTavAW5a8g6qQO0fHSm8Ev
Score: 10/10
Malware Config
Signatures
Mirai family

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
  File opened for modification: /dev/watchdog (process: ub8ehJSePAfc9FYqZIT6.mpsl.elf)
  File opened for modification: /dev/misc/watchdog (process: ub8ehJSePAfc9FYqZIT6.mpsl.elf)

Writes file to system bin folder (2 IoCs)
  File opened for modification: /sbin/watchdog (process: ub8ehJSePAfc9FYqZIT6.mpsl.elf)
  File opened for modification: /bin/watchdog (process: ub8ehJSePAfc9FYqZIT6.mpsl.elf)

Enumerates running processes
Discovers information about currently running processes on the system.