Analysis
-
max time kernel
149s -
max time network
7s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
-
submitted
16-01-2025 02:51
General
-
Target
68c3e883730ae570c32a3edd7cd0eec315fd2512f534f7db1e01edd948029ea5.elf
-
Size
22KB
-
MD5
3c29464ff186f76d4d46fad02c6b5707
-
SHA1
26d46f4ac41b955196d7ffba02efd1357fcab907
-
SHA256
68c3e883730ae570c32a3edd7cd0eec315fd2512f534f7db1e01edd948029ea5
-
SHA512
8654c5ced6f763ec192a6863cbfe79cf8fcd37540a1c394109afb808bd78d64a19b4311777df4a481c4322e06693dfd3b1fc89fb0add05cb1d7f25a858a4f94e
-
SSDEEP
384:4W+PGWtuu+DkObRSLYArsED6MvHyjjGhJRXqRHdOjVNYQu0O/AmVbkKyphJgGlz7:LJWguakObYLaEOuOWgdOHXu0IRohJgGJ
Score
10/10
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Traces itself 1 IoCs
Traces itself to prevent debugging attempts
-
Writes file to system bin folder 2 IoCs
-
Reads runtime system information 23 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/68c3e883730ae570c32a3edd7cd0eec315fd2512f534f7db1e01edd948029ea5.elf/tmp/68c3e883730ae570c32a3edd7cd0eec315fd2512f534f7db1e01edd948029ea5.elf1⤵
- Modifies Watchdog functionality
- Traces itself
- Writes file to system bin folder
- Reads runtime system information