Analysis

  • max time kernel
    152s
  • max time network
    153s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20221111-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu1804-amd64-20221111-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    29/05/2023, 12:00

General

  • Target

    jew.x86.elf

  • Size

    53KB

  • MD5

    08e8e8da28bc8d3b1a96542aa0c73fdd

  • SHA1

    dab983700ea4029a896f035cfe495dddb91f3a6e

  • SHA256

    f0148557c079a0f8fd9d779cd9ffc80998713b085ed08180ed184af31f68a044

  • SHA512

    37ff03c63a3bfd2ac01d3c173fc04cec5aa9f4333cbe35fa218d4e129198bbe0a05d35ca8ac514ecc9b5d685e4116830fbb590dc99c531cdee9459a289a3d75e

  • SSDEEP

    1536:BAmkKnnAvjccy7ZeDm4EJd+67ZhP/2Bj6NYc2dZKQDf6:ORKnAvjcV7ZIEJdxZhP/2taXSHb

Score
9/10

Malware Config

Signatures

  • Contacts a large (118913) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 1 TTPs 2 IoCs

Processes

  • /tmp/jew.x86.elf
    /tmp/jew.x86.elf
    1⤵
    • Changes its process name
    PID:617

Network

MITRE ATT&CK Enterprise v6