Analysis
-
max time kernel
155s -
max time network
158s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20231215-en -
resource tags
-
submitted
12-02-2024 17:41
General
-
Target
1559-1-0x0000000000400000-0x0000000000524748-memory.dmp
-
Size
69KB
-
MD5
f38ca08d687989196c02903db58eae03
-
SHA1
bdbcb153eaf1db45a179feb7cfe1fd37f93ef73c
-
SHA256
58fd767fd281ead35ef21dcbc831629fa4a9855dc70800cf94cb91cdd7503d7c
-
SHA512
92143248a9e2f68860e6111e0a45915f77d16493a95820865e71dd7896c4cc559f3067aa13633ca6203f2812559ec6987b7f816b3a083b1b9546d78566e9c96e
-
SSDEEP
1536:aocdNAcs299EkhjgvZyoiPPWA6pRs0afqcl2rjTaXHjPE5UZLGBgHxyQ:qdiX29/hgvZ2PWAAqfEnMHj9LGB+sQ
Malware Config
Signatures
-
Contacts a large (71644) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
-
Deletes Audit logs 1 TTPs 1 IoCs
Deletes logs related to the Linux Audit framework.
-
Deletes itself 1 IoCs
-
Deletes journal logs 1 TTPs 1 IoCs
Deletes systemd journal logs. Likely to evade detection.
-
Deletes system logs 1 TTPs 1 IoCs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes
-
/tmp/1559-1-0x0000000000400000-0x0000000000524748-memory.dmp/tmp/1559-1-0x0000000000400000-0x0000000000524748-memory.dmp1⤵
- Changes its process name
- Deletes itself
- Modifies Watchdog functionality