Analysis
max time kernel: 153s
max time network: 153s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20221111-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20221111-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 19/04/2023, 09:58
Behavioral task: behavioral1
Sample: f64741cbc1f7a7e538a79d88245cdc84.elf
Resource: ubuntu1804-amd64-20221111-en
General
Target: f64741cbc1f7a7e538a79d88245cdc84.elf
Size: 71KB
MD5: f64741cbc1f7a7e538a79d88245cdc84
SHA1: 575b1f2957ded14009b54ac3e1cc91497c39f3fe
SHA256: 7a16c8c3c7a0e66bba9d5ebf9fc5b8d0cf2f0c3c920ad5d7fed05284ca86e53b
SHA512: 123e7ac2bec149a84f70487c56de7460b1903c3b59ad1f3e645b67fd2d48c10200b9ca853c232f7802522ba3b28f8d6c14ec379ba61f70b2cebd62ec348dbd4b
SSDEEP: 1536:LqO1qNU3qK2iAQDEI3QSzu5g2UOXS4GX6Z6ojiQj80g:LBqG6K23QDEIgCdOXZGXUqQj7g
Malware Config
Signatures
Contacts a large (23989) amount of remote hosts (1 TTP)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.

Modifies the Watchdog daemon (1 TTP)
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Writes file to system bin folder (1 TTP, 2 IoCs)
description        ioc
/sbin/watchdog     /sbin/watchdog
/bin/watchdog      /bin/watchdog

Reads runtime system information (64 IoCs)
Reads data from /proc virtual filesystem (the /proc/<pid>/maps entries of running processes).