Resubmissions
09-04-2024 08:37
240409-kjmxvaeb2s 1009-04-2024 08:37
240409-kjmbbaag86 1009-04-2024 08:37
240409-kjlpsaea91 1007-02-2024 14:38
240207-rzqr1ahge3 10Analysis
-
max time kernel
1199s -
max time network
1201s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240226-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
09-04-2024 08:37
Behavioral task
behavioral1
Sample
4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b.elf
Resource
debian12-armhf-20240221-en
Behavioral task
behavioral2
Sample
4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b.elf
Resource
debian12-mipsel-20240221-en
Behavioral task
behavioral3
Sample
4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b.elf
Resource
debian9-armhf-20240226-en
Behavioral task
behavioral4
Sample
4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b.elf
Resource
debian9-mipsbe-20240226-en
Behavioral task
behavioral5
Sample
4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b.elf
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral6
Sample
4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b.elf
Resource
ubuntu1804-amd64-20240226-en
Behavioral task
behavioral7
Sample
4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b.elf
Resource
ubuntu2004-amd64-20240221-en
General
-
Target
4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b.elf
-
Size
168KB
-
MD5
635310bf9fce382320b3ee8716a1424f
-
SHA1
e80ec55bfb60d8629d887e07f925adcc09edd301
-
SHA256
4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b
-
SHA512
7889bb91634d2dbaa7c5eb70314f7d80590fc770cb31e178c547f38a0ccccd6c297d831b687589126316ea80d8a237ccd6afc4e0b41b8103b0ad9c6575a6cd88
-
SSDEEP
3072:8PSi28gcKeX9BCxDFwlcgPifbAIBXYM2bkzBe/B+NJP8vWQcY1EKk5WcTM:B8gSsFwdPCfBXY1Ke/gNN8vWQcY1EKkM
Malware Config
Signatures
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc File opened for modification /dev/watchdog File opened for modification /dev/misc/watchdog -
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
description ioc Process File opened for modification /etc/crontab 4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b.elf -
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/1578/exe