Overview
overview
10Static
static
1000decd0673...c0.vbs
windows7-x64
300decd0673...c0.vbs
windows10-2004-x64
7016005310b...cb.elf
ubuntu-18.04-amd64
70282cdf346...7d.elf
ubuntu-18.04-amd64
0282cdf346...7d.elf
debian-9-armhf
0282cdf346...7d.elf
debian-9-mips
0282cdf346...7d.elf
debian-9-mipsel
02a690404a...3d.exe
windows7-x64
1002a690404a...3d.exe
windows10-2004-x64
1002e3a95647...5d.exe
windows7-x64
1002e3a95647...5d.exe
windows10-2004-x64
100386b03840...53.elf
debian-9-armhf
10039cf1e827...5b.exe
windows7-x64
10039cf1e827...5b.exe
windows10-2004-x64
304854dadf5...5c.elf
ubuntu-18.04-amd64
04854dadf5...5c.elf
debian-9-armhf
04854dadf5...5c.elf
debian-9-mips
04854dadf5...5c.elf
debian-9-mipsel
077c3e19ea...6b.elf
ubuntu-18.04-amd64
077c3e19ea...6b.elf
debian-9-armhf
077c3e19ea...6b.elf
debian-9-mips
077c3e19ea...6b.elf
debian-9-mipsel
078981526f...f6.exe
windows7-x64
9078981526f...f6.exe
windows10-2004-x64
907e5ccafd9...ab.exe
windows7-x64
1007e5ccafd9...ab.exe
windows10-2004-x64
100932f5d800...16.exe
windows7-x64
100932f5d800...16.exe
windows10-2004-x64
10096a3baa4b...75.exe
windows7-x64
6096a3baa4b...75.exe
windows10-2004-x64
100993d4c07d...3e.exe
windows7-x64
100993d4c07d...3e.exe
windows10-2004-x64
10Analysis
-
max time kernel
151s -
max time network
151s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240221-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20240221-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
23/02/2024, 02:03
Static task
static1
Behavioral task
behavioral1
Sample
00decd06732fecef7a4c6db953d90a9fc76b9ad9ed2b8e183a07a365c45254c0.vbs
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
00decd06732fecef7a4c6db953d90a9fc76b9ad9ed2b8e183a07a365c45254c0.vbs
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
016005310b52d074fae59ca6682bd047ffe909f2849122ea0181c26ad2da41cb.elf
Resource
ubuntu1804-amd64-20240221-en
ubuntu-18.04-amd64
Behavioral task
behavioral4
Sample
0282cdf346cafd7c63e35926443f388a18de964f07a3db45a88270e8d09f697d.elf
Resource
ubuntu1804-amd64-20240221-en
ubuntu-18.04-amd64
Behavioral task
behavioral5
Sample
0282cdf346cafd7c63e35926443f388a18de964f07a3db45a88270e8d09f697d.elf
Resource
debian9-armhf-20240221-en
debian-9-armhf
Behavioral task
behavioral6
Sample
0282cdf346cafd7c63e35926443f388a18de964f07a3db45a88270e8d09f697d.elf
Resource
debian9-mipsbe-20240221-en
debian-9-mips
Behavioral task
behavioral7
Sample
0282cdf346cafd7c63e35926443f388a18de964f07a3db45a88270e8d09f697d.elf
Resource
debian9-mipsel-20240221-en
debian-9-mipsel
Behavioral task
behavioral8
Sample
02a690404a3d82ed7aef87f8518cac02809384d6b0550a36fc837c8552255d3d.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral9
Sample
02a690404a3d82ed7aef87f8518cac02809384d6b0550a36fc837c8552255d3d.exe
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
02e3a95647684ad0501b2e25d0ff6afe117e8ae38c892f3416f174baafb8445d.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral11
Sample
02e3a95647684ad0501b2e25d0ff6afe117e8ae38c892f3416f174baafb8445d.exe
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
0386b038402a99ab607a9b0ceb469d25f563f34b3d5c1548751c6b9c7843e653.elf
Resource
debian9-armhf-20240221-en
debian-9-armhf
Behavioral task
behavioral13
Sample
039cf1e827f8a2bcf066d1b64e92b333a5973fe9ada6c0f6a6bef4020925355b.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
039cf1e827f8a2bcf066d1b64e92b333a5973fe9ada6c0f6a6bef4020925355b.exe
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
04854dadf5950eb39709f2cd5ab2844f79490ac0ae58d71ca46cca479031ff5c.elf
Resource
ubuntu1804-amd64-20240221-en
ubuntu-18.04-amd64
Behavioral task
behavioral16
Sample
04854dadf5950eb39709f2cd5ab2844f79490ac0ae58d71ca46cca479031ff5c.elf
Resource
debian9-armhf-20240221-en
debian-9-armhf
Behavioral task
behavioral17
Sample
04854dadf5950eb39709f2cd5ab2844f79490ac0ae58d71ca46cca479031ff5c.elf
Resource
debian9-mipsbe-20240221-en
debian-9-mips
Behavioral task
behavioral18
Sample
04854dadf5950eb39709f2cd5ab2844f79490ac0ae58d71ca46cca479031ff5c.elf
Resource
debian9-mipsel-20240221-en
debian-9-mipsel
Behavioral task
behavioral19
Sample
077c3e19eacd87bf8ff3af56734434a989788ed52b20af77a6a2f89f5a1a986b.elf
Resource
ubuntu1804-amd64-20240221-en
ubuntu-18.04-amd64
Behavioral task
behavioral20
Sample
077c3e19eacd87bf8ff3af56734434a989788ed52b20af77a6a2f89f5a1a986b.elf
Resource
debian9-armhf-20240221-en
debian-9-armhf
Behavioral task
behavioral21
Sample
077c3e19eacd87bf8ff3af56734434a989788ed52b20af77a6a2f89f5a1a986b.elf
Resource
debian9-mipsbe-20240221-en
debian-9-mips
Behavioral task
behavioral22
Sample
077c3e19eacd87bf8ff3af56734434a989788ed52b20af77a6a2f89f5a1a986b.elf
Resource
debian9-mipsel-20240221-en
debian-9-mipsel
Behavioral task
behavioral23
Sample
078981526fd0969e928c1b785c9e1da97ff159248dabf04132ea8fab9347acf6.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
078981526fd0969e928c1b785c9e1da97ff159248dabf04132ea8fab9347acf6.exe
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
07e5ccafd9ac5416dce0c5c04eba91ba647cb00fdac7fb67b11b1d42729beeab.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
07e5ccafd9ac5416dce0c5c04eba91ba647cb00fdac7fb67b11b1d42729beeab.exe
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
0932f5d800ebb0e22e6323f1e64bdf3b6125b2e9b205d9f333f1857da72d7516.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
0932f5d800ebb0e22e6323f1e64bdf3b6125b2e9b205d9f333f1857da72d7516.exe
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
096a3baa4ba3d03b673524a281f63fa16e15a7880e5174a8679db9193eb48a75.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
096a3baa4ba3d03b673524a281f63fa16e15a7880e5174a8679db9193eb48a75.exe
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
0993d4c07d308fe8dffae59c2bcea46471d87eb128e0212a295941bd7703733e.exe
Resource
win7-20240221-en
windows7-x64
General
-
Target
016005310b52d074fae59ca6682bd047ffe909f2849122ea0181c26ad2da41cb.elf
-
Size
72KB
-
MD5
ff2986c0ae9f76f395a03eb041d3f736
-
SHA1
cd72af507c7d47b5765d94028e8b1284010f4a24
-
SHA256
016005310b52d074fae59ca6682bd047ffe909f2849122ea0181c26ad2da41cb
-
SHA512
e4bbcc096bc3eccc094f700937844fd0f0d29054368b41c9041841ef7c6255e72b1c5be5c3d67668cdfd965babc2ac56a9cb1e33d0eb9afb2a16bd99dda6fefc
-
SSDEEP
1536:XNQb3EPdjmfX41gPEe/yWhxwZcJebovZ9AsUmJ:X+EVKfXlp/ynZOebmZ9AsJ
Malware Config
Signatures
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself a 1550 016005310b52d074fae59ca6682bd047ffe909f2849122ea0181c26ad2da41cb.elf -
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc File opened for modification /dev/watchdog File opened for modification /dev/misc/watchdog -
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder 1 TTPs 2 IoCs
description ioc File opened for modification /sbin/watchdog File opened for modification /bin/watchdog -
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/1202/mnt File opened for reading /proc/1303/mnt File opened for reading /proc/9/mnt File opened for reading /proc/22/mnt File opened for reading /proc/30/mnt File opened for reading /proc/553/mnt File opened for reading /proc/664/mnt File opened for reading /proc/1159/mnt File opened for reading /proc/1547/mnt File opened for reading /proc/1548/mnt File opened for reading /proc/6/mnt File opened for reading /proc/15/mnt File opened for reading /proc/441/mnt File opened for reading /proc/615/mnt File opened for reading /proc/1183/mnt File opened for reading /proc/1206/mnt File opened for reading /proc/1265/mnt File opened for reading /proc/36/mnt File opened for reading /proc/135/mnt File opened for reading /proc/253/mnt File opened for reading /proc/974/mnt File opened for reading /proc/1203/mnt File opened for reading /proc/1208/mnt File opened for reading /proc/78/mnt File opened for reading /proc/84/mnt File opened for reading /proc/187/mnt File opened for reading /proc/4/mnt File opened for reading /proc/5/mnt File opened for reading /proc/11/mnt File opened for reading /proc/177/mnt File opened for reading /proc/675/mnt File opened for reading /proc/1168/mnt File opened for reading /proc/34/mnt File opened for reading /proc/89/mnt File opened for reading /proc/651/mnt File opened for reading /proc/1042/mnt File opened for reading /proc/1072/mnt File opened for reading /proc/1076/mnt File opened for reading /proc/1128/mnt File opened for reading /proc/1/mnt File opened for reading /proc/2/mnt File opened for reading /proc/179/mnt File opened for reading /proc/1023/mnt File opened for reading /proc/1086/mnt File opened for reading /proc/1355/mnt File opened for reading /proc/1249/mnt File opened for reading /proc/35/mnt File opened for reading /proc/85/mnt File opened for reading /proc/471/mnt File opened for reading /proc/536/mnt File opened for reading /proc/740/mnt File opened for reading /proc/1149/mnt File opened for reading /proc/20/mnt File opened for reading /proc/79/mnt File opened for reading /proc/27/mnt File opened for reading /proc/180/mnt File opened for reading /proc/1137/mnt File opened for reading /proc/1319/mnt File opened for reading /proc/25/mnt File opened for reading /proc/484/mnt File opened for reading /proc/1546/mnt File opened for reading /proc/1163/mnt File opened for reading /proc/32/mnt File opened for reading /proc/83/mnt