Analysis
-
max time kernel
152s -
max time network
153s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20221111-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
19-06-2023 08:04
Behavioral task
behavioral1
Sample
botx.x86.elf
Resource
ubuntu1804-amd64-20221111-en
ubuntu-18.04-amd64
5 signatures
150 seconds
General
-
Target
botx.x86.elf
-
Size
50KB
-
MD5
a147fd7f6b23285ef215a05d5f3884e4
-
SHA1
183e6f5d2dd9a95c8ba214f1f81134297fffb494
-
SHA256
66dccdec81b69c25ccfa292d8281a9715a640e45ae0989502190fbcbdcc19658
-
SHA512
8d64e25eca6b9e3163958623678b94f1c78610eb41c85d85029b6241265ce1ec87d67397cfb618d7ccab5c7ea42fca9730a6608771eaa05e7427662e0221ac0a
-
SSDEEP
768:ytYRSjaQ9DaZ/oJlExakbMqu8iuIkvKy+h1laTm/4RsvKQLDJCgMjz:WYRSjaCu1wlPGIly+hXaq/4G3LNCgMv
Score
9/10
Malware Config
Signatures
-
Contacts a large (57949) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
Processes:
botx.x86.elfdescription pid process Changes the process name, possibly in an attempt to hide itself 609 botx.x86.elf -
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
description ioc File opened for modification /dev/watchdog File opened for modification /dev/misc/watchdog -
Writes file to system bin folder 1 TTPs 1 IoCs