a05bad1e51e3f411aa864b4086a2f0fc2d550446b88710be8b572a5933b0d0eb

Analysis

max time kernel
150s
max time network
151s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231222-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231222-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
13-02-2024 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a05bad1e51e3f411aa864b4086a2f0fc2d550446b88710be8b572a5933b0d0eb.elf
Size

30KB
MD5

4b3b24ab9662291f2a34122ab643720c
SHA1

5920acbaa4f7b6cf4f0a2a49c2ffe18fe867e1df
SHA256

a05bad1e51e3f411aa864b4086a2f0fc2d550446b88710be8b572a5933b0d0eb
SHA512

5342aa0832bc22480bf1f3c006ad9d068847b2303586f78d7aaa5281d2278f876853fb99ded4d3d13dd5f1f09c646e3483b497f92537bf54151b85da4c6a932e
SSDEEP

768:9novhk3/l4UogSvV8QwOrfCJi3sefz8rKX1Keq+pF:9nopk94UFSvRwOrfC0Tfz801X

Score

7^/10

Malware Config

Signatures

Flushes firewall rules 4 IoCs

Flushes/ disables firewall rules inside the Linux kernel.

pid	Process
1615	iptables
1625	iptables
1629	iptables
1630	iptables

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc
File opened for modification	/dev/watchdog
File opened for modification	/dev/misc/watchdog

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

description	ioc	Process
File opened for modification	/etc/resolv.conf	a05bad1e51e3f411aa864b4086a2f0fc2d550446b88710be8b572a5933b0d0eb.elf

/tmp/a05bad1e51e3f411aa864b4086a2f0fc2d550446b88710be8b572a5933b0d0eb.elf
/tmp/a05bad1e51e3f411aa864b4086a2f0fc2d550446b88710be8b572a5933b0d0eb.elf
1⤵
- Writes DNS configuration
PID:1607

/sbin/iptables
iptables -P INPUT ACCEPT
1⤵
PID:1610

/sbin/iptables
iptables -P FORWARD ACCEPT
1⤵
PID:1613

/sbin/iptables
iptables -P OUTPUT ACCEPT
1⤵
PID:1614

/sbin/iptables
iptables -t nat -F
1⤵
- Flushes firewall rules
PID:1615

/sbin/iptables
iptables -t mangle -F
1⤵
- Flushes firewall rules
PID:1625

/sbin/iptables
iptables -F
1⤵
- Flushes firewall rules
PID:1629

/sbin/iptables
iptables -X
1⤵
- Flushes firewall rules
PID:1630

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads