Analysis
- max time kernel: 152s
- max time network: 154s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20221125-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20221125-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 10-05-2023 01:18
General
- Target: 75a88da8eb68a86955194ffd839ace87201ebad837cf6d9dfddbb2f6a1ef08aa.elf
- Size: 26KB
- MD5: 2bad8f8537af64c19b6f4314c354edc0
- SHA1: 7e49fd3174326b51fa988911dfc517c419710438
- SHA256: 75a88da8eb68a86955194ffd839ace87201ebad837cf6d9dfddbb2f6a1ef08aa
- SHA512: d63d494730e61965d1bdc9ac36eca64cee00bde9ed07eb7a3c272fc4775cd57d107f21c473a0d23c1cd1551f6e3b5c729e37b44f0c618675013a8fef3b18ff33
- SSDEEP: 384:MUv66YgiokzDM366q1tl81r31ueV9suqK0eaNpVIEWW+ZaWz4lq3+v1RK:x66Y4hy8qi9sK0PINW9WzU9K
Malware Config
Extracted
- mirai
- BOTNET: pachoisgay.3utilities.com
Signatures
- Contacts a large (108995) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTP)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Changes its process name (1 IoC)
  Processes:
  description: Changes the process name, possibly in an attempt to hide itself
  ioc: /var/Sofia
  pid: 596
  process: 75a88da8eb68a86955194ffd839ace87201ebad837cf6d9dfddbb2f6a1ef08aa.elf
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
- memory/596-1-0x0000000008048000-0x0000000008057900-memory.dmp