04678ae045baad53b95d38b7867276bd9fff12cf22be585808813d050275d44a

Analysis

max time kernel
152s
max time network
154s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20230831-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20230831-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
02/10/2023, 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de740b41c1a7f91c4a6c7186f997d46c
Size

62KB
MD5

de740b41c1a7f91c4a6c7186f997d46c
SHA1

cda286716993fc81026b288a7b45c47b9dc4a93f
SHA256

04678ae045baad53b95d38b7867276bd9fff12cf22be585808813d050275d44a
SHA512

d5828abe41e99c5d5e4c35745372ac6805d69c24d9128d229c3d8a4c2d0d1dec0e5c53cfd7a43178f773dbdedff2ca51e1dbb7ddda63f5371a8747c786511178
SSDEEP

1536:b5VYYpXIqVkxmxRvXMFnKia1jGKO18Hq6PW9m1Tb0+j/KUAm9Y:diYpROxmxhXMFnKl9GHCHqshb5/eq

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (23672) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a	608	de740b41c1a7f91c4a6c7186f997d46c

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc
File opened for modification	/dev/watchdog
File opened for modification	/dev/misc/watchdog

Reads runtime system information 14 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/414/maps
File opened for reading	/proc/545/maps
File opened for reading	/proc/595/maps
File opened for reading	/proc/596/maps
File opened for reading	/proc/612/maps
File opened for reading	/proc/406/maps
File opened for reading	/proc/594/maps
File opened for reading	/proc/610/maps
File opened for reading	/proc/613/maps
File opened for reading	/proc/614/maps
File opened for reading	/proc/416/maps
File opened for reading	/proc/462/maps
File opened for reading	/proc/565/maps
File opened for reading	/proc/597/maps

/tmp/de740b41c1a7f91c4a6c7186f997d46c
/tmp/de740b41c1a7f91c4a6c7186f997d46c
1⤵
- Changes its process name
PID:608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads