Overview

overview

10

Static

static

10

35ccf25e8a...19.elf

ubuntu-18.04-amd64

9

Analysis

  • max time kernel
    96s
  • max time network
    102s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    16-05-2023 04:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    35ccf25e8a030b10ec1031e39edf2f19.elf

  • Size

    97KB

  • MD5

    35ccf25e8a030b10ec1031e39edf2f19

  • SHA1

    a28f69f7d2bee281a507dd2bc7dadb3e16ff4c9b

  • SHA256

    3200f00358e53603e44a0a1231bb167f35bec2bd703b36a4ca36e6dcac10546e

  • SHA512

    2fe8fd4ee3340d8ab265c9992047a2f17dfd08c61f8cc40a11ed2a5b56499cca51a67b589a5aa457145930586df7b7df47fd13c61a33b6bf6d0125cc27405027

  • SSDEEP

    3072:VK1z13U6HzHoXRtmTUhQogkEmmFVcqq0GnDZT:VK7DDeKlogkEmmFVcqq0GnDZT

Score
9/10

Malware Config

Signatures

  • Modifies the Watchdog daemon 1 TTPs

    Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

  • Changes its process name 1 IoCs
  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/35ccf25e8a030b10ec1031e39edf2f19.elf
    /tmp/35ccf25e8a030b10ec1031e39edf2f19.elf
    1⤵
    • Changes its process name
    • Reads system routing table
    • Reads system network configuration
    PID:597

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads