81668fc09cbfd26747009ae2df8de413c13cab94bd42ca4b168c1717e66aef65

Analysis

max time kernel
149s
max time network
151s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
25-03-2024 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10b7a0dcffc39b8f72848715c1515f4b5e2ab229ca52d3099c726f9c738e1cd4.elf
Size

57KB
MD5

612c87fd35c8ef7af4947100de47c83b
SHA1

8899c509ed9715f61eb1f9791c6637389e84412a
SHA256

10b7a0dcffc39b8f72848715c1515f4b5e2ab229ca52d3099c726f9c738e1cd4
SHA512

ea52dbc5b124a2756cc2c8505b487acdf6556b714f986e1aa409f2508f077a8517f008cf41fb2a751d1500951c9259d4e7f21f7662570ccb698f86dfc5fcef40
SSDEEP

1536:v0f5JN+LtFC7GXkEL7sz+XZE/cy4jr2+/ST:v0BJN+LtA+kEXsqJWclqb

Score

7^/10

antivm

Malware Config

Signatures

Changes its process name 1 IoCs

Processes:

10b7a0dcffc39b8f72848715c1515f4b5e2ab229ca52d3099c726f9c738e1cd4.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	xapplet	1573	10b7a0dcffc39b8f72848715c1515f4b5e2ab229ca52d3099c726f9c738e1cd4.elf

Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562

Processes:

description ioc

File opened for modification /dev/watchdog
File opened for modification /dev/misc/watchdog
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

description ioc

File opened for reading /proc/cpuinfo
Writes file to system bin folder 1 TTPs 2 IoCs

Hijack Execution Flow
T1574

Processes:

description ioc

File opened for modification /sbin/watchdog
File opened for modification /bin/watchdog

description	ioc
File opened for modification	/dev/watchdog
File opened for modification	/dev/misc/watchdog

description	ioc
File opened for reading	/proc/cpuinfo

description	ioc
File opened for modification	/sbin/watchdog
File opened for modification	/bin/watchdog

/tmp/10b7a0dcffc39b8f72848715c1515f4b5e2ab229ca52d3099c726f9c738e1cd4.elf
/tmp/10b7a0dcffc39b8f72848715c1515f4b5e2ab229ca52d3099c726f9c738e1cd4.elf
1⤵
- Changes its process name
PID:1573

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Impair Defenses

T1562

Virtualization/Sandbox Evasion

T1497

Hijack Execution Flow

T1574

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads