General
-
Target
1476-1-0x0000000008048000-0x00000000080dd670-memory.dmp
-
Size
550KB
-
Sample
240425-rxqdfsbf93
-
MD5
568264350ee36fa052e450ea1abb363a
-
SHA1
085eb89757c72c855a31bb06ae64badf51a8cf54
-
SHA256
7cd4bfb3b0e27989012024605cc453dbc8a226b413d84e2560ae4af70d0dc238
-
SHA512
9788bbe3740f12ce75897b037e1a9032ec3d1bb3d66922804ce411a54ce77efc8ace343bae132bb10a5f36ec8c41402b6b440fcb7cfa170e7ce917f93c0931f6
-
SSDEEP
12288:c4gOtjAMa0XvCH43s7QcCGazY66yDZoJlu:c4v1XvCH43s7QcCGazM3
Behavioral task
behavioral1
Sample
1476-1-0x0000000008048000-0x00000000080dd670-memory.dmp
Resource
ubuntu2004-amd64-20240221-en
Malware Config
Targets
-
-
Target
1476-1-0x0000000008048000-0x00000000080dd670-memory.dmp
Score
10/10
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Reads EFI boot settings
Reads EFI boot settings from the efivars filesystem, which may contain security secrets or sensitive data.
-
Unexpected DNS network traffic destination
Network traffic on the DNS port to servers other than the configured DNS servers was detected.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Writes file to system bin folder
-