Analysis
-
max time kernel
154s -
max time network
162s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20231215-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
03/01/2024, 15:31
General
-
Target
e6e8f9c514a81f8297958f07a86d1f95d4b5b92307cb837a4ac8c4d1120e8c72.elf
-
Size
27KB
-
MD5
fc85e85cce8d448419bce9f7d49e5d5d
-
SHA1
dfc2d80074a88c8f1bd776912c07977fe81aafba
-
SHA256
e6e8f9c514a81f8297958f07a86d1f95d4b5b92307cb837a4ac8c4d1120e8c72
-
SHA512
9be899d9907d1b21323be4c3a9ef884d9ee44874bc063df775bc148efaaa3dfbd31b72f6e6bb0479e3586eaa5a4feb23ca450ab0bf42bb5979fb3eee62a33556
-
SSDEEP
768:YPglXhOQ2TdsR8Be57nH8m9J06KCyiwSWv4Kq:VX2ThBe57nHJ9RwSWgt
Malware Config
Extracted
Family
mirai
Botnet
UNSTABLE
C2
botnet.bydgoszcz.pl
Signatures
-
Contacts a large (57584) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself a 1530 e6e8f9c514a81f8297958f07a86d1f95d4b5b92307cb837a4ac8c4d1120e8c72.elf -
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc File opened for modification /dev/watchdog File opened for modification /dev/misc/watchdog -
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder 1 TTPs 2 IoCs
description ioc File opened for modification /sbin/watchdog File opened for modification /bin/watchdog -
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc Process File opened for reading /proc/713/cmdline Process not Found File opened for reading /proc/1167/cmdline Process not Found File opened for reading /proc/1311/cmdline Process not Found File opened for reading /proc/1526/cmdline Process not Found File opened for reading /proc/1627/cmdline Process not Found File opened for reading /proc/1254/cmdline Process not Found File opened for reading /proc/439/cmdline Process not Found File opened for reading /proc/578/cmdline Process not Found File opened for reading /proc/598/cmdline Process not Found File opened for reading /proc/955/cmdline Process not Found File opened for reading /proc/1168/cmdline Process not Found File opened for reading /proc/1092/cmdline Process not Found File opened for reading /proc/1195/cmdline Process not Found File opened for reading /proc/1188/cmdline Process not Found File opened for reading /proc/1609/cmdline Process not Found File opened for reading /proc/1633/cmdline Process not Found File opened for reading /proc/949/cmdline Process not Found File opened for reading /proc/1066/cmdline Process not Found File opened for reading /proc/1156/cmdline Process not Found File opened for reading /proc/1194/cmdline Process not Found File opened for reading /proc/1257/cmdline Process not Found File opened for reading /proc/1024/cmdline Process not Found File opened for reading /proc/1154/cmdline Process not Found File opened for reading /proc/1528/cmdline Process not Found File opened for reading /proc/471/cmdline Process not Found File opened for reading /proc/1128/cmdline Process not Found File opened for reading /proc/1525/cmdline Process not Found File opened for reading /proc/454/cmdline Process not Found File opened for reading /proc/1603/cmdline Process not Found File opened for reading /proc/458/cmdline Process not Found File opened for reading /proc/1114/cmdline Process not Found File opened for reading /proc/1535/cmdline Process not Found File opened for reading /proc/443/cmdline Process not Found File opened for reading /proc/1186/cmdline Process not Found File opened for reading /proc/1354/cmdline Process not Found File opened for reading /proc/1559/cmdline Process not Found File opened for reading /proc/1579/cmdline Process not Found File opened for reading /proc/483/cmdline Process not Found File opened for reading /proc/657/cmdline Process not Found File opened for reading /proc/1132/cmdline Process not Found File opened for reading /proc/1306/cmdline Process not Found File opened for reading /proc/450/cmdline Process not Found File opened for reading /proc/560/cmdline Process not Found File opened for reading /proc/723/cmdline Process not Found File opened for reading /proc/1340/cmdline Process not Found File opened for reading /proc/438/cmdline Process not Found File opened for reading /proc/520/cmdline Process not Found File opened for reading /proc/1047/cmdline Process not Found File opened for reading /proc/1115/cmdline Process not Found File opened for reading /proc/1543/cmdline Process not Found File opened for reading /proc/1272/cmdline Process not Found File opened for reading /proc/self/exe e6e8f9c514a81f8297958f07a86d1f95d4b5b92307cb837a4ac8c4d1120e8c72.elf File opened for reading /proc/1174/cmdline Process not Found File opened for reading /proc/1331/cmdline Process not Found File opened for reading /proc/1573/cmdline Process not Found File opened for reading /proc/1597/cmdline Process not Found File opened for reading /proc/477/cmdline Process not Found File opened for reading /proc/1538/cmdline Process not Found File opened for reading /proc/1567/cmdline Process not Found File opened for reading /proc/1591/cmdline Process not Found File opened for reading /proc/421/cmdline Process not Found File opened for reading /proc/461/cmdline Process not Found File opened for reading /proc/1083/cmdline Process not Found File opened for reading /proc/1145/cmdline Process not Found