31ef8891a4e27e7fdc4ccaf1db3b7ef70ade0c9648ab80bb06beb4a232ffe3f8

Analysis

max time kernel
136s
max time network
157s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
27/12/2024, 09:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

674-1-0x00008000-0x000236c8-memory.dmp
Size

96KB
MD5

909c0a3865ba05ba2020f642054bd1d5
SHA1

1b025eb4230fb22a08febbcd25fba84a847d209c
SHA256

31ef8891a4e27e7fdc4ccaf1db3b7ef70ade0c9648ab80bb06beb4a232ffe3f8
SHA512

c9308d4c4a9a48cb83aba2961b240212626a01f68562f2818276ca2528869503d1e904f8fa1e1ff8ef8380c040cc7af9793ab52168af8986bc07a182c8270a21
SSDEEP

3072:e0jlwv74BRae/xGPZ06v/mYp+C9T6MjC5:e0jlwyRae/xGPd/z+cT6OC5

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	674-1-0x00008000-0x000236c8-memory.dmp
File opened for modification	/dev/misc/watchdog	674-1-0x00008000-0x000236c8-memory.dmp

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	674-1-0x00008000-0x000236c8-memory.dmp
File opened for modification	/bin/watchdog	674-1-0x00008000-0x000236c8-memory.dmp

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/167/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/10/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/41/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/139/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/141/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/42/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/107/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/213/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/297/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/186/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/581/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/17/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/20/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/23/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/24/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/284/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/594/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/641/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/649/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/18/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/22/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/25/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/76/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/264/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/601/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/12/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/16/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/109/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/152/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/9/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/268/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/11/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/27/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/98/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/21/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/110/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/648/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/7/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/301/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/15/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/265/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/28/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/269/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/635/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/647/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/5/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/13/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/14/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/19/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/6/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/3/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/646/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/29/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/43/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/310/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/644/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/642/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/652/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/1/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/2/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/26/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/322/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/602/status	674-1-0x00008000-0x000236c8-memory.dmp
File opened for reading	/proc/4/status	674-1-0x00008000-0x000236c8-memory.dmp

/tmp/674-1-0x00008000-0x000236c8-memory.dmp
/tmp/674-1-0x00008000-0x000236c8-memory.dmp
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Reads runtime system information
PID:649

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads