Analysis
-
max time kernel
149s -
max time network
151s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240226-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
25-03-2024 02:07
Behavioral task
behavioral1
Sample
10b7a0dcffc39b8f72848715c1515f4b5e2ab229ca52d3099c726f9c738e1cd4.elf
Resource
ubuntu1804-amd64-20240226-en
General
-
Target
10b7a0dcffc39b8f72848715c1515f4b5e2ab229ca52d3099c726f9c738e1cd4.elf
-
Size
57KB
-
MD5
612c87fd35c8ef7af4947100de47c83b
-
SHA1
8899c509ed9715f61eb1f9791c6637389e84412a
-
SHA256
10b7a0dcffc39b8f72848715c1515f4b5e2ab229ca52d3099c726f9c738e1cd4
-
SHA512
ea52dbc5b124a2756cc2c8505b487acdf6556b714f986e1aa409f2508f077a8517f008cf41fb2a751d1500951c9259d4e7f21f7662570ccb698f86dfc5fcef40
-
SSDEEP
1536:v0f5JN+LtFC7GXkEL7sz+XZE/cy4jr2+/ST:v0BJN+LtA+kEXsqJWclqb
Malware Config
Signatures
-
Changes its process name 1 IoCs
Processes:
10b7a0dcffc39b8f72848715c1515f4b5e2ab229ca52d3099c726f9c738e1cd4.elfdescription ioc pid process Changes the process name, possibly in an attempt to hide itself xapplet 1573 10b7a0dcffc39b8f72848715c1515f4b5e2ab229ca52d3099c726f9c738e1cd4.elf -
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
description ioc File opened for modification /dev/watchdog File opened for modification /dev/misc/watchdog -
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Writes file to system bin folder 1 TTPs 2 IoCs
Processes:
description ioc File opened for modification /sbin/watchdog File opened for modification /bin/watchdog