Analysis
- max time kernel: 154s
- max time network: 156s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20231215-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 19/12/2023, 23:00
Behavioral task: behavioral1
- Sample: 3b87ddf5b7d666aab721e8c7e0e69584
- Resource: ubuntu1804-amd64-20231215-en
General
- Target: 3b87ddf5b7d666aab721e8c7e0e69584
- Size: 97KB
- MD5: 3b87ddf5b7d666aab721e8c7e0e69584
- SHA1: f6752645245bfaa2eb9ba886f69bcef598c01165
- SHA256: 1fe454c1218581d2c43e4e0bc2f9c2c87364c56c3fbec4e9c25c32125a43f3fe
- SHA512: 092ecfc68cc156c77c2e7e5d9b25169d4f8a0114e591d8f7d6a5d62b405a7393a9a74c2a5e580974792b43428d327df4807c879bf67403d667bfc4e4d8181171
- SSDEEP: 3072:QH4TN5B2d0mdeSlggUwCujychm1u5mzX3nycw69geZ/UsdFky7:QHWjwSqpSgUwCujychm1u5mzXXumzdFT
Malware Config
Signatures
-
Contacts a large (36404) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc
File opened for modification | /dev/watchdog
File opened for modification | /dev/misc/watchdog
-
Enumerates active TCP sockets 1 TTPs 2 IoCs
Gets active TCP sockets from /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/net/tcp | 3b87ddf5b7d666aab721e8c7e0e69584
File opened for reading | /proc/net/tcp | Process not Found
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 2 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description | ioc | Process
File opened for reading | /proc/net/tcp | 3b87ddf5b7d666aab721e8c7e0e69584
File opened for reading | /proc/net/tcp | Process not Found
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.