37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8

Analysis

max time kernel
0s
max time network
3s
platform
debian-9_mips
resource
debian9-mipsbe-20240729-en
resource tags

arch:mipsimage:debian9-mipsbe-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
14/01/2025, 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
Size

104KB
MD5

0b337eb9a74fdd0d0f2006e4ed7f4c70
SHA1

d31c8c801601c935f0b96efb1dd6ecc47414e800
SHA256

37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8
SHA512

ad0897247af3a62f1e9bfca9ddd95e8c4f27e7abc0bafb7f982aaf7a23aad3e14acaf7ee2cf1294a641e1e8bcf9f0db3b535179d1100aec4f8a90c096e517339
SSDEEP

1536:rWSIow5K0LU/RO1LwHVjShCL8kzmEmfrhdogZeB9il61d60qH:xCfU/ROtsjShCL8kzmEmfNdhGi4XqH

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for modification	/dev/misc/watchdog	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/24/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/77/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/331/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/367/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/700/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/72/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/232/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/385/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/1/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/6/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/13/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/19/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/70/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/425/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/675/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/4/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/5/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/7/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/20/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/677/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/157/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/334/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/710/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/15/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/22/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/37/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/110/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/152/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/36/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/75/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/705/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/706/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/712/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/12/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/14/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/73/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/678/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/713/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/71/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/76/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/82/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/172/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/707/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/3/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/9/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/10/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/78/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/81/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/16/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/380/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/8/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/21/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/11/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/247/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/123/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/379/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/701/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/703/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/2/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/74/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/122/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/672/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/686/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
File opened for reading	/proc/23/cmdline	37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf

/tmp/37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
/tmp/37c2cc2b739fa0ac2045a11611032505dc10cb6b70525eaa084a066886fdf4c8.elf
1⤵
- Modifies Watchdog functionality
- Reads runtime system information
PID:709

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...