b92673c1d731425b61da34933fa398a5eb4e3221b6e995a889d1f01b1d2912c1

Analysis

max time kernel
153s
max time network
158s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231215-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
20-12-2023 08:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95d79a84717131ee31259cecfdb7ab31
Size

54KB
MD5

95d79a84717131ee31259cecfdb7ab31
SHA1

b3fe88c1cbf6b04164f4af410db9ae6166adcf4b
SHA256

b92673c1d731425b61da34933fa398a5eb4e3221b6e995a889d1f01b1d2912c1
SHA512

420b60d6039fef8a14962f4a5cb600dfaf27efcc8a4db6f8ce5b2239efff0b2dc4b77797adeac99f875352759979ec4635d2ad3b2f6296a03a62dc49d1f6d50f
SSDEEP

768:dZCOH7Nq8o+FhqF4Ie6UjHKtpvkBABSQYrHROd3ku2VVkfVYMgwne383TkulhIZG:3CMhvqCUUjqt5BW9q3F2jkswefulh

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (23517) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself		1587	95d79a84717131ee31259cecfdb7ab31

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	95d79a84717131ee31259cecfdb7ab31
File opened for modification	/dev/misc/watchdog	95d79a84717131ee31259cecfdb7ab31

Writes file to system bin folder 1 TTPs 1 IoCs

Hijack Execution Flow

T1574

description	ioc	Process
File opened for modification	/sbin/watchdog	95d79a84717131ee31259cecfdb7ab31

/tmp/95d79a84717131ee31259cecfdb7ab31
/tmp/95d79a84717131ee31259cecfdb7ab31
1⤵
- Changes its process name
- Modifies Watchdog functionality
- Writes file to system bin folder
PID:1587

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads