3e69ace87e5c65a23b590d6d5a472bcd3c308c48fd039b2a1a0c6fa54ce76705

Analysis

max time kernel
148s
max time network
151s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
11-01-2025 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

708-1-0x00400000-0x0045af60-memory.dmp
Size

98KB
MD5

2feab8433ca4c5483836ddd088667086
SHA1

0e4ab03c9b109c4c2fe87393242dee5d3761d2e3
SHA256

3e69ace87e5c65a23b590d6d5a472bcd3c308c48fd039b2a1a0c6fa54ce76705
SHA512

4d94ce0739e9fac685ae3783daa9a7d1a626f7f93b2d5b8656b7bd236a042e0650a20a303404bf64e44fdf6260a4987fbb4224213c50045ae1e299d64904101a
SSDEEP

1536:HpaZOuT/Q30SQXa1r3J62yqPy/RWLW0edmpwjeNNYC:0ZzTJa1rZ62yqPy/ULWzjeNNl

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	708-1-0x00400000-0x0045af60-memory.dmp
File opened for modification	/dev/misc/watchdog	708-1-0x00400000-0x0045af60-memory.dmp

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	708-1-0x00400000-0x0045af60-memory.dmp
File opened for modification	/bin/watchdog	708-1-0x00400000-0x0045af60-memory.dmp

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/3/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/14/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/70/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/77/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/157/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/8/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/10/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/18/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/23/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/24/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/84/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/679/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/680/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/706/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/708/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/15/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/72/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/354/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/355/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/124/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/359/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/380/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/703/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/712/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/2/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/13/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/71/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/76/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/82/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/81/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/386/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/676/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/1/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/7/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/9/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/19/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/21/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/672/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/20/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/22/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/69/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/174/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/356/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/79/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/125/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/6/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/16/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/17/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/36/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/73/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/4/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/68/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/111/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/381/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/701/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/11/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/154/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/353/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/681/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/700/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/419/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/705/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/707/status	708-1-0x00400000-0x0045af60-memory.dmp
File opened for reading	/proc/5/status	708-1-0x00400000-0x0045af60-memory.dmp

/tmp/708-1-0x00400000-0x0045af60-memory.dmp
/tmp/708-1-0x00400000-0x0045af60-memory.dmp
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Reads runtime system information
PID:708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads