Analysis

  • max time kernel
    154s
  • max time network
    157s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    20/12/2023, 01:17

General

  • Target

    78253e96ebfe4e9e8db74c68e3b1b082

  • Size

    29KB

  • MD5

    78253e96ebfe4e9e8db74c68e3b1b082

  • SHA1

    1c273463c9577e9264397b08f5b7e8367abf48fa

  • SHA256

    aff3faa47c356b0f6e5af84e16fa54c21e6d45b7170134ccd252328002551cf7

  • SHA512

    0dbc15da2a441c5634e3c8ea011af336a74d7b0b0165ecc0571ef55df84196f9930a45079467a7badee8a5241e17453dca1b4f98442a659597295ad734b3a6b1

  • SSDEEP

    384:cDsXRFF282R4Gs0kp3OjUjidRedJFzac+FR+DuuI855C5WkXRBLeiFQv9WaA8w3z:cD4n2R4Gs0kp3acFekw35vSiFM9DQk

Score
9/10

Malware Config

Signatures

  • Contacts a large (23673) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 1 TTPs 1 IoCs

Processes

  • /tmp/78253e96ebfe4e9e8db74c68e3b1b082
    /tmp/78253e96ebfe4e9e8db74c68e3b1b082
    1⤵
    • Changes its process name
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    PID:1547

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads