8483a6304e55d43e0535908f505a966f3873c4064506437c94801cfdf78d7c76

Analysis

max time kernel
138s
max time network
162s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
27-12-2024 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

746-1-0x00400000-0x0043affc-memory.dmp
Size

169KB
MD5

e11b18137389b7376a56c9426c0b3b65
SHA1

1b0ae482a2136a6b1038bd9bad82571665ad295e
SHA256

8483a6304e55d43e0535908f505a966f3873c4064506437c94801cfdf78d7c76
SHA512

a79b3daf11f8cb6f1e7264a4fe5f7c99c51b6317fcf83a4212fed16ebb2286a6e040c5de1778f735773c133fc088781b2f07ffce466fb43a8c3b5afc98953d09
SSDEEP

1536:LIB5U4yVP3ODubf5fsOuQ1VbDrb2acdUgozxkq5sMElq4QrN:LujyP3R5fMOAa3zx15AoN

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	746-1-0x00400000-0x0043affc-memory.dmp
File opened for modification	/dev/misc/watchdog	746-1-0x00400000-0x0043affc-memory.dmp

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	746-1-0x00400000-0x0043affc-memory.dmp
File opened for modification	/bin/watchdog	746-1-0x00400000-0x0043affc-memory.dmp

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/53/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/136/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/714/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/3/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/9/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/112/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/118/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/22/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/47/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/421/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/745/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/19/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/20/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/26/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/31/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/743/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/362/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/694/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/712/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/2/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/10/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/30/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/113/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/137/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/202/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/630/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/720/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/732/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/34/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/37/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/48/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/410/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/717/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/25/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/33/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/740/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/4/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/16/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/111/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/404/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/731/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/59/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/13/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/15/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/27/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/28/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/29/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/631/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/710/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/5/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/7/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/12/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/344/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/397/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/396/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/635/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/735/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/1/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/8/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/14/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/21/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/23/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/6/status	746-1-0x00400000-0x0043affc-memory.dmp
File opened for reading	/proc/18/status	746-1-0x00400000-0x0043affc-memory.dmp

/tmp/746-1-0x00400000-0x0043affc-memory.dmp
/tmp/746-1-0x00400000-0x0043affc-memory.dmp
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Reads runtime system information
PID:740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads