ea33930bc0a3caf04361956d8aaa1970bd8157f8f3b7cb5a8a5e4e135ce6f734

Analysis

max time kernel
153s
max time network
153s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20221111-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
05-06-2023 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x86.elf
Size

54KB
MD5

77cc898625801290829c00b942cab8d3
SHA1

bcade1ec7d7f3a5729ebb80cc47c93b94c8619ce
SHA256

ea33930bc0a3caf04361956d8aaa1970bd8157f8f3b7cb5a8a5e4e135ce6f734
SHA512

c3d5ce2cf2bfcc4b7fcb524cc3c8b37dd01ab8fa4c6015f49d1f2a67e5bdffa76caaeccf6481ed0c226846b9a3bf75913ffc9564e985abbfdbbd71b894f1293d
SSDEEP

1536:JeESt/basV2rcZhG6ySN7naEpW1ZzWOIaEjrqMFs:JeESt/basVTgS7naEw1ptXES6

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (36856) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/bin/watchdog	586	x86.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/2/cmdline	Process not Found
File opened for reading	/proc/21/cmdline	Process not Found
File opened for reading	/proc/220/cmdline	Process not Found
File opened for reading	/proc/29/cmdline	Process not Found
File opened for reading	/proc/78/cmdline	Process not Found
File opened for reading	/proc/84/cmdline	Process not Found
File opened for reading	/proc/155/cmdline	Process not Found
File opened for reading	/proc/407/cmdline	Process not Found
File opened for reading	/proc/13/cmdline	Process not Found
File opened for reading	/proc/15/cmdline	Process not Found
File opened for reading	/proc/81/cmdline	Process not Found
File opened for reading	/proc/191/cmdline	Process not Found
File opened for reading	/proc/250/cmdline	Process not Found
File opened for reading	/proc/581/cmdline	Process not Found
File opened for reading	/proc/584/cmdline	Process not Found
File opened for reading	/proc/9/cmdline	Process not Found
File opened for reading	/proc/24/cmdline	Process not Found
File opened for reading	/proc/157/cmdline	Process not Found
File opened for reading	/proc/167/cmdline	Process not Found
File opened for reading	/proc/427/cmdline	Process not Found
File opened for reading	/proc/28/cmdline	Process not Found
File opened for reading	/proc/154/cmdline	Process not Found
File opened for reading	/proc/158/cmdline	Process not Found
File opened for reading	/proc/163/cmdline	Process not Found
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/7/cmdline	Process not Found
File opened for reading	/proc/10/cmdline	Process not Found
File opened for reading	/proc/18/cmdline	Process not Found
File opened for reading	/proc/330/cmdline	Process not Found
File opened for reading	/proc/424/cmdline	Process not Found
File opened for reading	/proc/23/cmdline	Process not Found
File opened for reading	/proc/30/cmdline	Process not Found
File opened for reading	/proc/168/cmdline	Process not Found
File opened for reading	/proc/280/cmdline	Process not Found
File opened for reading	/proc/80/cmdline	Process not Found
File opened for reading	/proc/362/cmdline	Process not Found
File opened for reading	/proc/583/cmdline	Process not Found
File opened for reading	/proc/1/cmdline	Process not Found
File opened for reading	/proc/8/cmdline	Process not Found
File opened for reading	/proc/36/cmdline	Process not Found
File opened for reading	/proc/79/cmdline	Process not Found
File opened for reading	/proc/156/cmdline	Process not Found
File opened for reading	/proc/159/cmdline	Process not Found
File opened for reading	/proc/348/cmdline	Process not Found
File opened for reading	/proc/349/cmdline	Process not Found
File opened for reading	/proc/5/cmdline	Process not Found
File opened for reading	/proc/11/cmdline	Process not Found
File opened for reading	/proc/22/cmdline	Process not Found
File opened for reading	/proc/82/cmdline	Process not Found
File opened for reading	/proc/344/cmdline	Process not Found
File opened for reading	/proc/347/cmdline	Process not Found
File opened for reading	/proc/4/cmdline	Process not Found
File opened for reading	/proc/6/cmdline	Process not Found
File opened for reading	/proc/16/cmdline	Process not Found
File opened for reading	/proc/192/cmdline	Process not Found
File opened for reading	/proc/17/cmdline	Process not Found
File opened for reading	/proc/32/cmdline	Process not Found
File opened for reading	/proc/166/cmdline	Process not Found
File opened for reading	/proc/594/cmdline	Process not Found
File opened for reading	/proc/410/cmdline	Process not Found
File opened for reading	/proc/582/cmdline	Process not Found
File opened for reading	/proc/27/cmdline	Process not Found
File opened for reading	/proc/115/cmdline	Process not Found
File opened for reading	/proc/345/cmdline	Process not Found

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/bin/watchdog?��/�?��A?��	sh

/tmp/x86.elf
/tmp/x86.elf
1⤵
- Changes its process name
PID:586
- /bin/sh
  sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog?��/�?��A?�� && mv /tmp/x86.elf�?�� bin/watchdog; chmod 777 bin/watchdog"
  2⤵
  - Writes file to tmp directory
  PID:587
- - /bin/rm
    rm -rf bin/watchdog
    3⤵
    PID:588
- - /bin/mkdir
    mkdir bin
    3⤵
    - Reads runtime system information
    PID:589
- - /bin/chmod
    chmod 777 "bin/watchdog"
    3⤵
    PID:590

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads