Analysis
max time kernel: 149s
max time network: 147s
platform: debian-9_armhf
resource: debian9-armhf-20240729-en
resource tags: arch:armhf, image:debian9-armhf-20240729-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 07/03/2025, 05:43
Behavioral task: behavioral1
Sample: a11c7c184bb3c5237c9173a27d8da8b880c171939945216bc4cdabb61d0e0c9d.elf
Resource: debian9-armhf-20240729-en
General
Target: a11c7c184bb3c5237c9173a27d8da8b880c171939945216bc4cdabb61d0e0c9d.elf
Size: 50KB
MD5: 3c408fb97d7c344322e2390513cdaae1
SHA1: b2489131e0044748ee2f8c577163cc1af639137f
SHA256: a11c7c184bb3c5237c9173a27d8da8b880c171939945216bc4cdabb61d0e0c9d
SHA512: 693462d4aa4eaebd8f623b3518dc8f89a0ee1add46d7fdf71f98814874d8e85116e3f5dcaceab01041d0d5f04efab2ffd0d0f3b159e2fbdc7e42ec1832406326
SSDEEP: 768:DMnolJlR+K9COmVBjECJNJvOn3vej77ogZuh8rom/h14BGINsJSknK4Lg:uolTsYCJ3mnfe3Vuh8sm5OEfrF
Malware Config
Signatures

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description                  | ioc                | Process
File opened for modification | /dev/watchdog      | a11c7c184bb3c5237c9173a27d8da8b880c171939945216bc4cdabb61d0e0c9d.elf
File opened for modification | /dev/misc/watchdog | a11c7c184bb3c5237c9173a27d8da8b880c171939945216bc4cdabb61d0e0c9d.elf

Renames itself (1 IoC)
pid | Process
643 | a11c7c184bb3c5237c9173a27d8da8b880c171939945216bc4cdabb61d0e0c9d.elf

Unexpected DNS network traffic destination (1 IoC)
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description    | ioc
Destination IP | 168.235.111.72
Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name (1 IoC)
description                                                 | ioc      | pid | Process
Changes the process name, possibly in an attempt to hide itself | kthreadd | 643 | a11c7c184bb3c5237c9173a27d8da8b880c171939945216bc4cdabb61d0e0c9d.elf

description: File opened for reading
Process: a11c7c184bb3c5237c9173a27d8da8b880c171939945216bc4cdabb61d0e0c9d.elf
ioc (one /proc/<pid>/comm entry per running process, in the order recorded):
/proc/1/comm, /proc/41/comm, /proc/107/comm, /proc/8/comm, /proc/11/comm, /proc/75/comm, /proc/220/comm, /proc/643/comm, /proc/285/comm, /proc/589/comm, /proc/28/comm, /proc/13/comm, /proc/22/comm, /proc/27/comm, /proc/592/comm, /proc/638/comm, /proc/16/comm, /proc/17/comm, /proc/284/comm,
/proc/10/comm, /proc/12/comm, /proc/15/comm, /proc/20/comm, /proc/97/comm, /proc/139/comm, /proc/23/comm, /proc/25/comm, /proc/105/comm, /proc/276/comm, /proc/314/comm, /proc/641/comm, /proc/137/comm, /proc/147/comm, /proc/287/comm, /proc/576/comm, /proc/642/comm, /proc/3/comm,
/proc/6/comm, /proc/26/comm, /proc/164/comm, /proc/587/comm, /proc/640/comm, /proc/7/comm, /proc/636/comm, /proc/29/comm, /proc/42/comm, /proc/14/comm, /proc/19/comm, /proc/108/comm, /proc/142/comm, /proc/4/comm, /proc/18/comm, /proc/272/comm, /proc/273/comm, /proc/309/comm,
/proc/24/comm, /proc/2/comm, /proc/332/comm, /proc/601/comm, /proc/307/comm, /proc/635/comm, /proc/5/comm, /proc/9/comm, /proc/21/comm