2ec7cd7be9c21bafb69fbf40a9b1c7ac286337a1f8688a1e2ce621becd22bafa

Analysis

max time kernel
131s
max time network
150s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
09/03/2025, 16:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

morte.arm7.elf
Size

151KB
MD5

11f6f782b4b1c5d7d338bc4ed60b6d0e
SHA1

adff5c5b2c268b0f0fb06f5bfa3b7f3cc783f350
SHA256

2ec7cd7be9c21bafb69fbf40a9b1c7ac286337a1f8688a1e2ce621becd22bafa
SHA512

648e8f9e08fd3a234e8b8a86c89bb827f3bdd1c129e31ec673bdc09081292477187fe0adb98147000e194aa5a44c28d346e274ebc1530289bd98f228d1bb8862
SSDEEP

3072:hkWSzOByZZah9rq89iWsWNR3vvfDopM/RZmYot:zSziQZah9rqulR3vnspM/RZmVt

Score

7^/10

defense_evasion

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	morte.arm7.elf
File opened for modification	/dev/misc/watchdog	morte.arm7.elf

/tmp/morte.arm7.elf
/tmp/morte.arm7.elf
1⤵
- Modifies Watchdog functionality
PID:646

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads