Analysis
max time kernel: 155s
max time network: 159s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231215-en
resource tags: arch:amd64 arch:i386 image:ubuntu1804-amd64-20231215-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system
submitted: 19/12/2023, 22:41
Behavioral task: behavioral1
Sample: 1f69f3b2bb56081261b066784dca8196
Resource: ubuntu1804-amd64-20231215-en
General
Target: 1f69f3b2bb56081261b066784dca8196
Size: 61KB
MD5: 1f69f3b2bb56081261b066784dca8196
SHA1: 2dd2a5ce0c01517d75cce503dfc6e292b8aceeca
SHA256: 4447bd8bfcd4eeff5d7223fa47dd0a785a5fffdd7ca080f86893e7d91d9261e7
SHA512: cbd3e0d2a959419c6a7afc0b3208b14408de8677cf2daf252a7e5d20b6d3000c7ad0088ae4f7cc662ec979675b4ee0ac0c433fe532347c79d25bc2ac5b2306e8
SSDEEP: 1536:1Uti+GXggf/bICZtbXYlaflSWD/aQfoT5aq3C3WRx:15Xggf/bICZtbXYlatSWD/XfoT4qSmRx
Malware Config
Signatures
-
Contacts a large (20495) number of remote hosts (1 TTP)
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.
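The two signatures above are the same heuristic seen from two angles: many distinct remote hosts and many flows inside one short run (155 seconds here) is what horizontal service discovery looks like. The following is an added example, not code from the sandbox or from the sample, that applies that heuristic to a constructed flow log: per source address it counts distinct destination hosts and checks whether those hosts cluster on a single destination port. The line format, the thresholds and the sample traffic are all assumptions made for the example.

```python
"""Horizontal-scan heuristic over connection records (added example, constructed data)."""
from collections import defaultdict
from typing import Dict, Iterable, NamedTuple


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Constructed line format '<src> <dst> <dport> <proto>'; not any real tool's format."""
    src, dst, dport, proto = line.split()
    return Flow(src, dst, int(dport), proto.lower())


# Constructed sample (not from the report): 10.0.0.5 sweeps two /24s on tcp/23 and
# tcp/2323, the telnet ports Mirai-family scanners probe; 10.0.0.7 talks repeatedly
# to a handful of servers, which produces many flows but few distinct hosts.
SAMPLE_LOG = (
    [f"10.0.0.5 198.51.100.{i} 23 tcp" for i in range(1, 41)]
    + [f"10.0.0.5 203.0.113.{i} 2323 tcp" for i in range(1, 11)]
    + ["10.0.0.7 192.0.2.10 443 tcp"] * 30
    + ["10.0.0.7 192.0.2.11 80 tcp", "10.0.0.7 192.0.2.12 53 udp"]
)


def summarize(flows: Iterable[Flow]) -> Dict[str, dict]:
    """Per source: flow count, distinct destination hosts, and hosts per (proto, port)."""
    per_src: Dict[str, dict] = {}
    for f in flows:
        s = per_src.setdefault(f.src, {"flows": 0, "hosts": set(), "by_port": defaultdict(set)})
        s["flows"] += 1
        s["hosts"].add(f.dst)
        s["by_port"][(f.proto, f.dport)].add(f.dst)
    return per_src


def classify(lines: Iterable[str], host_threshold: int = 25, port_share: float = 0.6) -> Dict[str, dict]:
    """Flag a source as 'scan' when it contacted more than host_threshold distinct hosts
    and at least port_share of them on one (proto, port). Many flows to a few hosts
    (a busy client) stays 'normal'. Thresholds are assumptions for the example."""
    verdicts = {}
    for src, s in summarize(map(parse_flow, lines)).items():
        n_hosts = len(s["hosts"])
        (proto, port), hosts_on_top = max(s["by_port"].items(), key=lambda kv: len(kv[1]))
        share = len(hosts_on_top) / n_hosts
        verdict = "scan" if n_hosts > host_threshold and share >= port_share else "normal"
        verdicts[src] = {"verdict": verdict, "hosts": n_hosts, "flows": s["flows"],
                         "top_port": f"{proto}/{port}", "top_port_share": round(share, 2)}
    return verdicts


if __name__ == "__main__":
    for src, v in classify(SAMPLE_LOG).items():
        print(src, v)
```

The host threshold is deliberately far below the report's 20495; on real flow data the distinct-host count separates a scanner from a chatty client more reliably than the raw flow count, which is why both signatures are worth keeping but the first is the stronger one.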
-
Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
description                   ioc
File opened for modification  /dev/watchdog
File opened for modification  /dev/misc/watchdog
-
Enumerates active TCP sockets (1 TTP, 1 IoC)
Gets active TCP sockets from the /proc virtual filesystem.
description              ioc
File opened for reading  /proc/net/tcp
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration (1 TTP, 1 IoC)
Uses the contents of the /proc filesystem to enumerate network settings.
description              ioc
File opened for reading  /proc/net/tcp
-
Reads runtime system information (64 IoCs)
Reads data from the /proc virtual filesystem.
description              ioc
File opened for reading  /proc/700/fd, /proc/1142/fd, /proc/1623/exe, /proc/1956/exe, /proc/1185/fd, /proc/1815/exe, /proc/318/fd, /proc/1043/fd,
                         /proc/1186/fd, /proc/1819/exe, /proc/1212/fd, /proc/427/exe, /proc/1142/exe, /proc/1553/exe, /proc/1827/exe, /proc/1844/exe,
                         /proc/2180/exe, /proc/519/fd, /proc/1071/fd, /proc/1166/fd, /proc/591/exe, /proc/635/fd, /proc/1031/fd, /proc/1146/fd,
                         /proc/1929/exe, /proc/433/fd, /proc/536/exe, /proc/1812/exe, /proc/314/fd, /proc/478/fd, /proc/1056/fd, /proc/1147/fd,
                         /proc/1769/exe, /proc/2133/exe, /proc/2194/exe, /proc/459/fd, /proc/592/fd, /proc/1457/exe, /proc/1577/exe, /proc/657/fd,
                         /proc/1523/exe, /proc/1773/exe, /proc/401/fd, /proc/964/fd, /proc/1543/fd, /proc/727/exe, /proc/1556/exe, /proc/1994/exe,
                         /proc/421/fd, /proc/1243/fd, /proc/1286/fd, /proc/519/exe, /proc/850/fd, /proc/1335/fd, /proc/2191/exe, /proc/403/fd,
                         /proc/427/fd, /proc/433/exe, /proc/659/fd, /proc/1242/fd, /proc/2195/exe, /proc/1112/fd, /proc/473/exe, /proc/2154/exe
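Taken together, the /proc/net/tcp read and the sweep of /proc/<pid>/fd and /proc/<pid>/exe are the three pieces a process needs to map a listening port back to the PID that owns it: the socket's inode from /proc/net/tcp, the "socket:[inode]" symlink under some process's fd directory, and the exe link to see what that process is. Mirai's killer routine walks /proc exactly this way to evict whatever is bound to telnet, ssh and http before taking those ports itself, and the /dev/watchdog open is its companion step so a hardware watchdog does not reboot the device while it runs. The same walk answers the reverse questions during a response. The following is an added example, not code from the sandbox report or from the sample; it runs offline on constructed tables (the PIDs, inodes and paths are made up), and snapshot_procfs() builds the same tables from a live /proc.

```python
"""Join /proc/net/tcp with /proc/<pid>/fd and /proc/<pid>/exe; list /dev/watchdog holders.
Added example with constructed sample data; not part of the report or the sample."""
import os
import re
import socket
import struct
from typing import Dict, List, Optional, Tuple

TCP_STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "08": "CLOSE_WAIT", "0A": "LISTEN"}
WATCHDOG_NODES = {"/dev/watchdog", "/dev/misc/watchdog"}  # both paths appear in the report


def parse_addr(field: str) -> Tuple[str, int]:
    """'0100007F:0050' -> ('127.0.0.1', 80). The kernel prints the IPv4 address in host
    byte order (little-endian on the report's amd64 platform) and the port big-endian."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> List[dict]:
    """Parse the /proc/net/tcp table (header line skipped); the inode column is the join key."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 10:
            continue
        rows.append({"local": parse_addr(parts[1]), "remote": parse_addr(parts[2]),
                     "state": TCP_STATES.get(parts[3], parts[3]),
                     "uid": int(parts[7]), "inode": int(parts[9])})
    return rows


def socket_owners(fd_links: Dict[int, Dict[str, str]]) -> Dict[int, int]:
    """fd_links = {pid: {fd: readlink target}}; a socket fd's target reads 'socket:[<inode>]'."""
    owners = {}
    for pid, links in fd_links.items():
        for target in links.values():
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners[int(m.group(1))] = pid
    return owners


def watchdog_holders(fd_links: Dict[int, Dict[str, str]]) -> List[int]:
    """PIDs with a watchdog node open. Opening the node arms the timer, so the holder must
    keep petting it or disable it (what Mirai does) or the kernel driver reboots the box."""
    return sorted(pid for pid, links in fd_links.items()
                  if any(t in WATCHDOG_NODES for t in links.values()))


def listeners(tcp_text: str, fd_links: Dict[int, Dict[str, str]], exe_links: Dict[int, str],
              ports) -> List[Tuple[int, Optional[int], str]]:
    """(port, pid, exe) for each LISTEN socket on the given ports; pid is None when no
    readable fd table references the inode (for example a process of another uid)."""
    owners = socket_owners(fd_links)
    found = []
    for row in parse_proc_net_tcp(tcp_text):
        port = row["local"][1]
        if row["state"] == "LISTEN" and port in ports:
            pid = owners.get(row["inode"])
            found.append((port, pid, exe_links.get(pid, "") if pid is not None else ""))
    return sorted(found, key=lambda t: (t[0], t[1] or 0))


def snapshot_procfs(proc_root: str = "/proc"):
    """Build the fd and exe tables from a live system; entries you cannot read are skipped."""
    fd_links, exe_links = {}, {}
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        pid = int(name)
        try:
            exe_links[pid] = os.readlink(f"{proc_root}/{pid}/exe")
        except OSError:
            exe_links[pid] = ""
        fd_links[pid] = {}
        try:
            for fd in os.listdir(f"{proc_root}/{pid}/fd"):
                try:
                    fd_links[pid][fd] = os.readlink(f"{proc_root}/{pid}/fd/{fd}")
                except OSError:
                    pass
        except OSError:
            pass
    return fd_links, exe_links


# Constructed sample tables (PIDs, inodes and paths are invented for the example).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18231 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 17550 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 19002 1 0000000000000000 100 0 0 10 0
   3: 0F00000A:B5A4 0A0A0A0A:0050 01 00000000:00000000 00:00000000 00000000  1000        0 20115 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_FD_LINKS = {
    1: {"0": "/dev/null"},
    310: {"0": "/dev/null", "3": "socket:[18231]"},
    455: {"3": "socket:[17550]"},
    1287: {"4": "socket:[19002]", "5": "/dev/watchdog"},
    2230: {"3": "socket:[20115]"},
}
SAMPLE_EXE_LINKS = {1: "/sbin/init", 310: "/usr/sbin/telnetd", 455: "/usr/sbin/sshd",
                    1287: "/tmp/.x", 2230: "/usr/bin/curl"}
```

Usage on a live host: `fd, exe = snapshot_procfs()` then `listeners(open("/proc/net/tcp").read(), fd, exe, {22, 23, 80})` and `watchdog_holders(fd)`; run as root, since /proc/<pid>/fd of other users' processes is otherwise unreadable and the owner comes back as None. On the sample data, port 80 resolves to a process whose exe is under /tmp and which also holds /dev/watchdog, which is the combination these signatures point at.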