Analysis
max time kernel: 155s
max time network: 159s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231215-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 03-01-2024 15:31
Behavioral task: behavioral1
Sample: a22e3e18da3a7ff50e1079ef579a200f3e5143dbfb6e45d97467e9f4638b9e6c.elf
Resource: ubuntu1804-amd64-20231215-en
General
Target: a22e3e18da3a7ff50e1079ef579a200f3e5143dbfb6e45d97467e9f4638b9e6c.elf
Size: 50KB
MD5: a4794bb37006b30ce3c5130f5995539d
SHA1: 507e778072907136be778b5af52702954f0da95b
SHA256: a22e3e18da3a7ff50e1079ef579a200f3e5143dbfb6e45d97467e9f4638b9e6c
SHA512: 4d563d0151cf29cd5f593511f857610f3f5b711edfd77453e967e46494e277e03027baa1fbf439475a0890e18730e896289f4d6e6b64e7bbbb6299e4b2b8630d
SSDEEP: 768:ytYRSjaQ9DaZFoJlExakbMqu8iHERkvKy+hRlOTm/4RsvKQLDJ1gMjz:WYRSjaCurwlP/4ly+h7Oq/4G3LN1gMv
Malware Config
Signatures
-
Contacts a large (55269) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
Processes:
description | pid | process
Changes the process name, possibly in an attempt to hide itself | 1534 | a22e3e18da3a7ff50e1079ef579a200f3e5143dbfb6e45d97467e9f4638b9e6c.elf
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the watchdog device to prevent it from restarting an infected system.
Processes:
description | ioc
File opened for modification | /dev/watchdog
File opened for modification | /dev/misc/watchdog
-
Writes file to system bin folder 1 TTPs 1 IoCs
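The signatures above are behavioral rules evaluated over the sample's syscall activity. As an added example that is not part of this report or of the sandbox's own signature engine, the Python below re-derives the four of them from a constructed strace-style trace modelled on the IoCs listed here. The pid 1534 is taken from the report; the process name, file descriptors, the path under /bin and the 203.0.113.0/24 addresses are made up, and the 50-host threshold is an assumption (the page does not state the sandbox's cut-off). The ioctl request 0x80045704 is WDIOC_SETOPTIONS from linux/watchdog.h, which Mirai's bot code issues with the value WDIOS_DISABLECARD after opening /dev/watchdog or /dev/misc/watchdog for writing.

```python
"""Re-derive the report's behavioral signatures from a syscall trace.

Added example, not the sandbox's code. It scores an strace-style log
against: fan-out to many remote hosts, prctl(PR_SET_NAME) process
renaming, modification of the watchdog device, and writes into a
system bin directory.
"""
import re
from collections import defaultdict

# Values from the Linux UAPI headers (linux/watchdog.h, linux/prctl.h).
WDIOC_SETOPTIONS = 0x80045704   # _IOR('W', 4, int)
WDIOS_DISABLECARD = 0x0001      # option Mirai passes to switch the watchdog off
PR_SET_NAME = 15

WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog"}
SYSTEM_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")
SCAN_HOST_THRESHOLD = 50        # assumed cut-off; the report saw 55269 hosts

# "<pid> <syscall>(<args>) = <ret> ..." as printed by `strace -f`
LINE_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+)")
QUOTED_RE = re.compile(r'"([^"]*)"')


def parse_line(line):
    """Return (pid, syscall, argument string, return value) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m["pid"], m["call"], m["args"], int(m["ret"])


def analyze(lines):
    """Map each signature name from the report to (pid, detail) IoCs."""
    findings = defaultdict(list)
    remote_hosts = defaultdict(set)   # pid -> distinct destination IPs
    watchdog_fds = {}                 # (pid, fd) -> device path, for later ioctls
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        pid, call, args, ret = parsed
        if call == "connect":
            m = re.search(r'inet_addr\("([\d.]+)"\)', args)
            if m:
                remote_hosts[pid].add(m.group(1))
        elif call == "prctl" and args.startswith("PR_SET_NAME"):
            name = QUOTED_RE.search(args)
            findings["Changes its process name"].append(
                (pid, name.group(1) if name else "?"))
        elif call in ("open", "openat"):
            path_m = QUOTED_RE.search(args)
            path = path_m.group(1) if path_m else ""
            writable = "O_WRONLY" in args or "O_RDWR" in args
            if path in WATCHDOG_DEVICES:
                if writable:   # flag the attempt even when the open fails
                    findings["Modifies Watchdog functionality"].append(
                        (pid, f"File opened for modification {path}"))
                if ret >= 0:
                    watchdog_fds[(pid, ret)] = path
            elif writable and path.startswith(SYSTEM_BIN_DIRS):
                findings["Writes file to system bin folder"].append((pid, path))
        elif call == "ioctl":
            parts = [a.strip() for a in args.split(",")]
            if len(parts) < 2 or not parts[0].isdigit():
                continue
            device = watchdog_fds.get((pid, int(parts[0])))
            is_setoptions = parts[1] in ("WDIOC_SETOPTIONS", f"0x{WDIOC_SETOPTIONS:x}")
            if device and is_setoptions:
                findings["Modifies Watchdog functionality"].append(
                    (pid, f"WDIOC_SETOPTIONS on {device}"))
        elif call == "close" and args.strip().isdigit():
            watchdog_fds.pop((pid, int(args.strip())), None)
    for pid, hosts in remote_hosts.items():
        if len(hosts) >= SCAN_HOST_THRESHOLD:
            findings["Contacts a large amount of remote hosts"].append((pid, len(hosts)))
    return dict(findings)


# Constructed trace modelled on the report's IoCs. Pid 1534 is the sample's
# pid in the sandbox; the name "x", the fds, "/bin/.sample" and the
# 203.0.113.0/24 (documentation range) targets are made up.
SAMPLE_TRACE = [
    '1534 prctl(PR_SET_NAME, "x") = 0',
    '1534 openat(AT_FDCWD, "/dev/watchdog", O_WRONLY) = 3',
    '1534 ioctl(3, 0x80045704, [1]) = 0',
    '1534 close(3) = 0',
    '1534 openat(AT_FDCWD, "/dev/misc/watchdog", O_WRONLY) = -1 ENOENT (No such file or directory)',
    '1534 openat(AT_FDCWD, "/bin/.sample", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 4',
] + [
    f'1534 connect({5 + i}, {{sa_family=AF_INET, sin_port=htons(23), '
    f'sin_addr=inet_addr("203.0.113.{i}")}}, 16) = -1 EINPROGRESS (Operation now in progress)'
    for i in range(1, 61)
]

if __name__ == "__main__":
    for signature, iocs in analyze(SAMPLE_TRACE).items():
        print(f"{signature} ({len(iocs)} IoCs)")
        for pid, detail in iocs:
            print(f"  pid {pid}: {detail}")
```

The fan-out rule counts distinct destination addresses per pid rather than connect() calls, so a bot that retries one C2 address does not trip it, while a telnet scanner that fails on every target still does, since the failed EINPROGRESS connects are counted. The same open/ioctl logic applies unchanged to auditd records of openat and ioctl on the watchdog device on a live host.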