Analysis
-
max time kernel
3998s -
max time network
145s -
platform
linux_amd64 -
resource
ubuntu-amd64 -
submitted
27-09-2021 18:58
Static task
static1
Behavioral task
behavioral1
Sample
X86_64
Resource
ubuntu-amd64
Behavioral task
behavioral2
Sample
X86_64
Resource
debian9-mipsel
Behavioral task
behavioral3
Sample
X86_64
Resource
debian9-mipsbe
General
-
Target
X86_64
-
Size
79KB
-
MD5
28007c7ac1c6c2880279aeaab2c25f17
-
SHA1
ac64ad6324ac4ccf079dfd4c8255d1cbf3175306
-
SHA256
5fa70a36cc2ac68dfe216e4007848b7e90722a82acc7ca1778780b7393b3f735
-
SHA512
d8b63bd73cd59f852723fdf58ea661a56bb1924746b8c4b0a9ca609cc02a532d51b3d51ccbcc798b6f734365377bbef1cf5bd706f7359f560386855ed14f7547
Malware Config
Signatures
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Processes:
X86_64
description | ioc | process
/proc/net/route | /proc/net/route | X86_64
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
X86_64
description | ioc | process
/proc/net/route | /proc/net/route | X86_64