6d5c7f978461ad4257cf22767f99415b90b888f74955e2ca4f3308556611c399

Analysis

max time kernel
0s
max time network
152s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
22-08-2022 09:01

Target

253840c1b3d2b310f4b911e02ff99a88
Size

113KB
MD5

253840c1b3d2b310f4b911e02ff99a88
SHA1

46142ee3171e77f8016d4f911fd182f8dccfc87b
SHA256

6d5c7f978461ad4257cf22767f99415b90b888f74955e2ca4f3308556611c399
SHA512

889bad16b9b584b52bab532a19494f04380acf3abeee8897c4fa44a35ee281c7e040acd975d09ab77895fd3d28b73938b50c3b99edf764cd8d72fbb143b565cf

Score

9^/10

Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

253840c1b3d2b310f4b911e02ff99a88

description ioc process

/proc/net/route /proc/net/route 253840c1b3d2b310f4b911e02ff99a88
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

253840c1b3d2b310f4b911e02ff99a88

description ioc process

/proc/net/route /proc/net/route 253840c1b3d2b310f4b911e02ff99a88

description	ioc	process
/proc/net/route	/proc/net/route	253840c1b3d2b310f4b911e02ff99a88

description	ioc	process
/proc/net/route	/proc/net/route	253840c1b3d2b310f4b911e02ff99a88

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact