Analysis
max time kernel: 136s
max time network: 148s
platform: debian-9_mipsel
resource: debian9-mipsel-20240729-en
resource tags: arch:mipsel, image:debian9-mipsel-20240729-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 26-12-2024 21:02

Behavioral task: behavioral1
Sample: ub8ehJSePAfc9FYqZIT6.mpsl.elf (the .mpsl suffix is the name Mirai builds use for the MIPS little-endian binary)
Resource: debian9-mipsel-20240729-en (debian-9-mipsel)
6 signatures, 150 seconds
General
Target: ub8ehJSePAfc9FYqZIT6.mpsl.elf
Size: 43KB
MD5: 334ce6283bd34fb3e52d6f2a2c1ebc0d
SHA1: 61489546d76cdd9655ef162e9c72b85d27f701cc
SHA256: 75247ca1e89eaa7deee854275831b0965e9ad9677cdbf1fa5f96e88d68a24710
SHA512: c36eb7e339dbf00c2533c444343a9be46468990d6f1124ea361d68d54afcd4faa427436cd7af3d625a0988465ec28fa8c711ac472eaf4fc51860a0b461847f0b
SSDEEP: 768:sXDzmAafwB5kfY+r39Frew/RBek/VRW6cLJ7xzrUWlTaQ9g6yuy7QOFOrWE:KDtMwEzaWRTavAW5a8g6qQOEh
Score: 10/10
Malware Config
Signatures
Mirai family

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai disables the hardware watchdog so that it cannot reboot the infected device; a reboot would clear the memory-resident bot. The report records only the open with write access to the watchdog device, not the ioctl or write that followed it.
Process: ub8ehJSePAfc9FYqZIT6.mpsl.elf
File opened for modification: /dev/watchdog
File opened for modification: /dev/misc/watchdog
Writes file to system bin folder (2 IoCs)
Both paths are the usual locations of the userland watchdog daemon (busybox's watchdog applet), so this fits the watchdog tampering above.
Process: ub8ehJSePAfc9FYqZIT6.mpsl.elf
File opened for modification: /sbin/watchdog
File opened for modification: /bin/watchdog

Enumerates running processes (64 IoCs)
Discovers information about currently running processes on the system.
Process: ub8ehJSePAfc9FYqZIT6.mpsl.elf (all entries)
File opened for reading: /proc/<pid>/status for PIDs 1, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 36, 37, 70, 71, 72, 73, 74, 75, 76, 77, 79, 81, 82, 84, 111, 127, 128, 160, 163, 178, 334, 337, 362, 363, 369, 384, 386, 395, 420, 660, 671, 673, 682, 695, 696, 698, 700, 701, 702, 703, 706, 707
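The three behavioural signatures above are all derived from file-open events, so they can be reproduced on a host or in a SOC pipeline from the same kind of data. The following is an added example (not Triage's code and not part of this report): it parses Triage's run-together "File opened for ..." rows, classifies the events into the three behaviours, requires watchdog tampering plus at least one other signal before calling the pattern Mirai-like (a lone /proc sweep is what `ps` does, and a lone write to /sbin is what a package upgrade does), and emits auditd watch rules for the concrete paths. The system-bin directory list, the PID-sweep threshold and the benign control events are assumptions; the report excerpt is taken from the IoC rows above.

```python
import re

# Paths the report attributes to the sample (the IoC rows above).
WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/misc/watchdog"}
# Directories treated as "system bin"; assumed, Triage's own list is not on the page.
SYSTEM_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")
PROC_STATUS_RE = re.compile(r"^/proc/(\d+)/status$")
# One /proc/<pid>/status read is normal; a sweep across many PIDs is the
# enumeration behaviour. The threshold is an assumption.
PROC_SWEEP_MIN_PIDS = 16

ROW_RE = re.compile(r"File opened for (reading|modification) (\S+) (\S+)")


def parse_report_rows(text):
    """Turn Triage's run-together 'File opened for <op> <path> <process>' rows
    into (op, path, process) tuples."""
    return ROW_RE.findall(text)


def classify(events):
    """Map (op, path, process) events to the report's three behaviours.
    Returns {signature_name: evidence}."""
    watchdog, binwrites, pids = set(), set(), set()
    for op, path, _proc in events:
        if op == "modification" and path in WATCHDOG_DEVICES:
            watchdog.add(path)
        elif op == "modification" and path.startswith(SYSTEM_BIN_DIRS):
            binwrites.add(path)
        elif op == "reading":
            m = PROC_STATUS_RE.match(path)
            if m:
                pids.add(int(m.group(1)))
    findings = {}
    if watchdog:
        findings["modifies_watchdog"] = sorted(watchdog)
    if binwrites:
        findings["writes_system_bin"] = sorted(binwrites)
    if len(pids) >= PROC_SWEEP_MIN_PIDS:
        findings["enumerates_processes"] = sorted(pids)
    return findings


def mirai_like(findings):
    """Watchdog tampering combined with either other signal is the pattern
    worth alerting on; each signal on its own has benign explanations."""
    return "modifies_watchdog" in findings and len(findings) >= 2


def audit_rules(findings, key="mirai_watchdog"):
    """auditd -w watch rules (-p wa: write and attribute change) for the
    concrete paths a sample touched, so the same behaviour on a fleet host
    is logged under one key. /proc reads are not watchable this way."""
    paths = findings.get("modifies_watchdog", []) + findings.get("writes_system_bin", [])
    return [f"-w {path} -p wa -k {key}" for path in paths]


# Excerpt of the report's own IoC rows, run together as Triage renders them,
# with the first 18 PIDs of the /proc sweep.
REPORT_EXCERPT = (
    "File opened for modification /dev/watchdog ub8ehJSePAfc9FYqZIT6.mpsl.elf "
    "File opened for modification /dev/misc/watchdog ub8ehJSePAfc9FYqZIT6.mpsl.elf "
    "File opened for modification /sbin/watchdog ub8ehJSePAfc9FYqZIT6.mpsl.elf "
    "File opened for modification /bin/watchdog ub8ehJSePAfc9FYqZIT6.mpsl.elf "
    + " ".join(f"File opened for reading /proc/{pid}/status ub8ehJSePAfc9FYqZIT6.mpsl.elf"
               for pid in (1, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20))
)
# Constructed benign control: a shell reading its own and one child's status.
BENIGN_CONTROL = (
    "File opened for reading /proc/1/status sh "
    "File opened for reading /proc/42/status sh"
)

if __name__ == "__main__":
    found = classify(parse_report_rows(REPORT_EXCERPT))
    print(found, "mirai_like:", mirai_like(found))
    print("\n".join(audit_rules(found)))
    print("control:", classify(parse_report_rows(BENIGN_CONTROL)))
```

The rules produced by `audit_rules` go into `/etc/audit/rules.d/` and are loaded with `augenrules --load`; on a device whose legitimate watchdog daemon opens `/dev/watchdog` at boot, filter that one process out in the SIEM rather than weakening the watch.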