Analysis
max time kernel: 152s
max time network: 153s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20221111-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20221111-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 08-05-2023 17:12
General
Target: 110b9c4df6a774b547fe6261df6f7640.elf
Size: 28KB
MD5: 110b9c4df6a774b547fe6261df6f7640
SHA1: 0594b221c18a6e313d636276c5d026bd5cd0f3fa
SHA256: 86d15c6595bf8318ce2e0ca46727a8dca0c604d3114e1bbc089b8eea67c046eb
SHA512: d89162499cc6bf7d566781ce3216af32605b0fb8ba6ad0ceabaef4c3315b4245404f8171ee38a2d219dcb05df3db023d39e2f170a03ab35e06a6c69645ae5786
SSDEEP: 768:LhAP7JIINnYOEzJgMoojL+xexp3e/e3RZ+dImO+o1sI:iNHNY30ouEhemhcdW1qI
Malware Config
Extracted
Family: mirai
Botnet: BOTNET
C2: pachoisgay.3utilities.com
Signatures
- Contacts a large number (110789) of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
- Changes its process name (1 IoCs)
  Processes:
  description | ioc | pid | process
  Changes the process name, possibly in an attempt to hide itself | /var/Sofia | 598 | 110b9c4df6a774b547fe6261df6f7640.elf
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.
Downloads
- memory/598-1-0x0000000000400000-0x0000000000510ce8-memory.dmp