Analysis
max time kernel: 0s
max time network: 155s
platform: linux_amd64
resource: ubuntu1804-amd64-en-20211208
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 12-08-2022 16:27
Behavioral task: behavioral1
Sample: b55a70cb515cdf66d6be3b99f1ccc487
Resource: ubuntu1804-amd64-en-20211208
General
Target: b55a70cb515cdf66d6be3b99f1ccc487
Size: 140KB
MD5: b55a70cb515cdf66d6be3b99f1ccc487
SHA1: e4bcd73dc52c1fa051bff90698de325612371475
SHA256: 760646bca1fd64fa9808cb6dcc6e01221bde686cc719dcdd05c82b392e7fe247
SHA512: a7e8568f5f8204a8f0d5c0bc0fb33636ebd6de44de78b5c456ad29019880eae750b1c7a57e6a7ab7ee6a2b2d1a800c883dcdcb3b5765ba57c2affd0eaae0824b
Malware Config
Signatures

Contacts a large (69085) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies the Watchdog daemon (1 TTPs)
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Reads system routing table (1 TTPs, 1 IoCs)
Gets active network interfaces from /proc virtual filesystem.
Processes:
b55a70cb515cdf66d6be3b99f1ccc487
  description: /proc/net/route
  ioc: /proc/net/route
  process: b55a70cb515cdf66d6be3b99f1ccc487

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
Processes:
b55a70cb515cdf66d6be3b99f1ccc487
  description: /proc/net/route
  ioc: /proc/net/route
  process: b55a70cb515cdf66d6be3b99f1ccc487