a50abe84e896949a9f2f603fd16fd176ded25fead38e55b2e4b7cb3dcbd44ad0

Analysis

max time kernel
152s
max time network
9s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20230621-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20230621-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
08/07/2023, 17:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

599-1-0x0000000008048000-0x00000000080547a0-memory.dmp
Size

48KB
MD5

f432d7e5b7766627af2f6c31b694b729
SHA1

128e3f86d6fabc5f89cc6759d926a52f728ea5d6
SHA256

a50abe84e896949a9f2f603fd16fd176ded25fead38e55b2e4b7cb3dcbd44ad0
SHA512

b5f23ad67258add1c8b1b74be920681cb6644e3dd5e7ecd6f6edb5157744e62172bcf053abef21a3b35026573651bf48f2fbb350a64ad49f6363af2872d3cc9d
SSDEEP

1536:6nJRT4QPfZfW5XTOeY3Dve3AGX57/4Qw7bn2iueA:Gv4QPfZfW5XTOeoEzJ7AQwf2i2

Score

7^/10

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc
File opened for modification	/dev/watchdog
File opened for modification	/dev/misc/watchdog

Writes file to system bin folder 1 TTPs 2 IoCs

Hijack Execution Flow

T1574

description	ioc
File opened for modification	/sbin/watchdog
File opened for modification	/bin/watchdog

Reads runtime system information 12 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/438/cmdline
File opened for reading	/proc/596/cmdline
File opened for reading	/proc/601/cmdline
File opened for reading	/proc/594/cmdline
File opened for reading	/proc/595/cmdline
File opened for reading	/proc/420/cmdline
File opened for reading	/proc/422/cmdline
File opened for reading	/proc/439/cmdline
File opened for reading	/proc/440/cmdline
File opened for reading	/proc/576/cmdline
File opened for reading	/proc/593/cmdline
File opened for reading	/proc/602/cmdline

/tmp/599-1-0x0000000008048000-0x00000000080547a0-memory.dmp
/tmp/599-1-0x0000000008048000-0x00000000080547a0-memory.dmp
1⤵
PID:598

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads