Analysis
-
max time kernel
10853s -
max time network
151s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20221111-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
17-03-2023 09:06
Behavioral task
behavioral1
Sample
x86.elf
Resource
ubuntu1804-amd64-20221111-en
ubuntu-18.04-amd64
3 signatures
150 seconds
General
-
Target
x86.elf
-
Size
113KB
-
MD5
526fc7839eacdd1dc4696e589b20ebde
-
SHA1
d4ff7204bc3813286803f9442949f33caf00468a
-
SHA256
d12b23f4e5e7c85fe5ecea44a23e5b476039649c635227d6b64b6bc1ef1cc226
-
SHA512
904261f9623737b1fb5ca255c1ad76ab3237e7938ad23de72e9e53c48b990b448fe86964ca53f68f360c93e2ab373516e08916e2f1fd66baa97d6e46e85fbf5a
-
SSDEEP
3072:kiry859a2ADJf9wHYqbgFFo8+HeAo+TRCm7FnVqfJXFWbNb:T9a2aLqkrMnsm7FnVqfJXFWbNb
Score
9/10
Malware Config
Signatures
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Processes:
x86.elfdescription ioc process /proc/net/route /proc/net/route x86.elf -
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
x86.elfdescription ioc process /proc/net/route /proc/net/route x86.elf