Analysis
-
max time kernel
149s -
max time network
150s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20231221-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20231221-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
20-02-2024 22:48
Behavioral task
behavioral1
Sample
d128cd316b18328301e7127f59d16a02.elf
Resource
ubuntu1804-amd64-20231221-en
General
-
Target
d128cd316b18328301e7127f59d16a02.elf
-
Size
168KB
-
MD5
d128cd316b18328301e7127f59d16a02
-
SHA1
26bae1e3ec8d4043b3c0c0c68d6c538782856eca
-
SHA256
3f1389bc57d457bf9dfc0cd70ddd2fba878eea14db51bb54944579fb85990d8e
-
SHA512
93ded5471caf892b1ce5049363468c65b92c03365f048f064e2ade2190f7a913c70c497eca62d8d0ff6b4fc758bb6b4ce37363fc56fd37737bf8f269243740fe
-
SSDEEP
3072:8PSi28gcKeX9BCHDd4tccPifbAI9XYM2bkzBe/B+hVn8vWQcY1EKk5WcTM:B8gSGd4pPCf9XY1Ke/ghZ8vWQcY1EKkM
Malware Config
Signatures
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
description ioc File opened for modification /dev/watchdog File opened for modification /dev/misc/watchdog -
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Processes:
d128cd316b18328301e7127f59d16a02.elfdescription ioc process File opened for modification /etc/crontab d128cd316b18328301e7127f59d16a02.elf -
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Processes:
description ioc File opened for reading /proc/1552/exe