Analysis
max time kernel
30996s
max time network
137s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted
30-11-2022 13:12
Behavioral task
behavioral1
Sample
6278571a34de828080ad923c86b507a3d34ca9178fae98d70ce6a373285b3d97
Resource
ubuntu1804-amd64-en-20211208
General
Target
6278571a34de828080ad923c86b507a3d34ca9178fae98d70ce6a373285b3d97
Size
113KB
MD5
ca4d88cd6e60a819c567519f832e5c57
SHA1
a92bbd68960f9bb7b3071b1ddc4960fe50b953f0
SHA256
6278571a34de828080ad923c86b507a3d34ca9178fae98d70ce6a373285b3d97
SHA512
0e013bd90f57158c4db30eac79b1a7712104c2e674e2b8ddabe1ee611e46c7adf1e0561f759bffee72f046330609832acf610a68537f0ad205b6ba4411f337ea
SSDEEP
3072:kiry859a2ADJf9wHYqbgFFo8+HeAM+T1bm7FnVqfJXoebNb:T9a2aLqkrMjBm7FnVqfJXoebNb
Malware Config
Signatures
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Processes:
6278571a34de828080ad923c86b507a3d34ca9178fae98d70ce6a373285b3d97
description: /proc/net/route
ioc: /proc/net/route
process: 6278571a34de828080ad923c86b507a3d34ca9178fae98d70ce6a373285b3d97
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
6278571a34de828080ad923c86b507a3d34ca9178fae98d70ce6a373285b3d97
description: /proc/net/route
ioc: /proc/net/route
process: 6278571a34de828080ad923c86b507a3d34ca9178fae98d70ce6a373285b3d97