Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240729-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
  • submitted
    24-12-2024 01:07

General

  • Target

    5c26d99fcb4734a9fa1e742d0a2b79de476ad150afd2ab87212766a458eb3475.elf

  • Size

    36KB

  • MD5

    3c733927caaa196b216421abb32e2632

  • SHA1

    0c2443725d846b98d0f43fd04d914fc9f0848595

  • SHA256

    5c26d99fcb4734a9fa1e742d0a2b79de476ad150afd2ab87212766a458eb3475

  • SHA512

    531651740555a3e4291b9de2a326a4dc5e69088e64264827f1a1f32be8882db930f183e8a145967e8d0976119e3e3d21ff95b9fdd80f3a20b63b801b3d790f08

  • SSDEEP

    768:Wkjvsa/voIrhf79v0ewoZ6SbFGx3aSbYwVmUx0nZB:NzHzJyKZ6Scx3a0Y2MZB

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 2 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/5c26d99fcb4734a9fa1e742d0a2b79de476ad150afd2ab87212766a458eb3475.elf
    /tmp/5c26d99fcb4734a9fa1e742d0a2b79de476ad150afd2ab87212766a458eb3475.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:1575

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads