Analysis
- max time kernel: 152s
- max time network: 154s
- platform: linux_amd64
- resource: ubuntu1804-amd64-en-20211208
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 30-04-2023 21:00
General
- Target: x86.elf
- Size: 34KB
- MD5: a0035af8d827c209a89cea5ae60d5110
- SHA1: a25665b7268adcca0619acff19055053da6c64f0
- SHA256: 4beb12afef07d5bbe0049879a09a72309e63f75cf8f3d11bb9f092f7c56b0982
- SHA512: 5f773ac1679ece6d45848891f4a0d306a65ea1957f3bee0475a84e0eadf32f480c7975ce3a6ee953aaedc8e9430975517a1f007006316a4a8254eb179a72b9d6
- SSDEEP: 768:dDHUts8wX6+D1UCjLVyghoa0m5Budg8OGbn5/QenbcuyD7UGQRjF:d4uCW1J3ogaCuOoz9Qenouy8Gy5
Malware Config
Extracted:
- mirai
- KYTON
Signatures
- Contacts a large (103353) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Writes file to system bin folder (1 TTPs, 1 IoCs)
- Changes its process name (1 IoCs)
  Processes:
    description: Changes the process name, possibly in an attempt to hide itself | pid: 581 | process: x86.elf
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from the /proc virtual filesystem.
  Processes:
    description: File opened for reading | ioc: /proc/net/tcp
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of the /proc filesystem to enumerate network settings.
  Processes:
    description: File opened for reading | ioc: /proc/net/tcp
- Reads runtime system information (1 IoCs)
  Reads data from the /proc virtual filesystem.
  Processes:
    description: File opened for reading | ioc: /proc/585/exe
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
- memory/581-1-0x0000000008048000-0x0000000008060bc4-memory.dmp