Analysis
-
max time kernel
0s -
max time network
155s -
platform
linux_amd64 -
resource
ubuntu1804-amd64-en-20211208 -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
29-11-2022 15:24
Behavioral task
behavioral1
Sample
robinbot
Resource
ubuntu1804-amd64-en-20211208
General
-
Target
robinbot
-
Size
130KB
-
MD5
500009d8f68330a8f82b59884a9afe47
-
SHA1
575f5e6894b1a2f7a728435487666acdb9758f83
-
SHA256
a46770913fba87921b56d789396e07cdfd68a846b2e80a77aa07e1c62f9304d6
-
SHA512
ec62621ec2e037cb9f3890486ff4fb127ee6b34657ee7c2b1e3401de5d7fa2bb554e62d5c378dd93c43a3bb0bf4d210556cf8e67c0ff8449d0c615262e94dfba
-
SSDEEP
3072:xffIDJOocVBUbd8A2W3M/fvLUpANet2xBTd:xgDAtVmB8sM/fvLUpANet2xBTd
Malware Config
Signatures
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Modifies hosts file 1 IoCs
Adds to hosts file used for mapping hosts to IP addresses.
Processes:
description ioc /etc/hosts /etc/hosts -
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes:
robinbotdescription ioc process /tmp/robinbot /tmp/robinbot robinbot