b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b

Analysis

max time kernel
0s
max time network
3s
platform
debian-9_mipsel
resource
debian9-mipsel-20240418-en
resource tags

arch:mipselimage:debian9-mipsel-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
14-01-2025 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
Size

106KB
MD5

1f564b30f022bdd9ee2bd99a63179697
SHA1

00ab81cb29ab37431c9625dd78a297d4a43507c0
SHA256

b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b
SHA512

ef75496422446fdfefe157f9714aa3a4134c29413699818c1f5c81dfd4ee5395865f6b2130a3cf916eccf8967b6029fc58bee66e7bd538abb8849f5ec736289c
SSDEEP

1536:EiuIJqfyQd84OB/Qc857JAZ559xWcfZcKalcMbl61d6kGGflDa:/ugqfyQdtu59jfpo4HGO1a

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for modification	/dev/misc/watchdog	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/14/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/111/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/154/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/667/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/10/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/375/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/2/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/710/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/68/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/77/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/704/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/18/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/71/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/81/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/37/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/17/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/327/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/376/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/702/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/707/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/8/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/244/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/360/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/674/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/75/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/36/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/358/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/361/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/12/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/78/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/381/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/709/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/6/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/703/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/11/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/84/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/119/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/169/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/15/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/120/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/675/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/5/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/3/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/23/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/73/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/74/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/76/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/82/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/432/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/1/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/698/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/13/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/16/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/21/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/149/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/331/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/681/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/4/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/24/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/70/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/697/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/19/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/9/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
File opened for reading	/proc/20/cmdline	b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf

/tmp/b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
/tmp/b3088592e76ee79e6ac44d3c63c8b625f7078dcca0fe4db971685baed90bd45b.elf
1⤵
- Modifies Watchdog functionality
- Reads runtime system information
PID:706

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads