Analysis
  max time kernel: 149s
  max time network: 129s
  platform: ubuntu-18.04_amd64
  resource: ubuntu1804-amd64-20240226-en
  resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  submitted: 28-04-2024 02:07
General
  Target: df015ade97f1e4e20d7cbeea972e34873b8a31818c58ac6a219181a3a8ebbb10.elf
  Size: 20KB
  MD5: 788ad2ffa9f903e010b2030190f09866
  SHA1: 86e48447bbde69b07354ddb1149a6b1ca52afd59
  SHA256: df015ade97f1e4e20d7cbeea972e34873b8a31818c58ac6a219181a3a8ebbb10
  SHA512: 2f56cff17b678378f81f3cc0cc15ac66bf438b1fcf21acb178c70aea3ebf5025737877315a866ad08f9caf8a769af4ebb8d3c7e7b1dac3f74a2db56cd7c785c7
  SSDEEP: 384:M0DLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oTH:x98o08kxofBE+ZkXaITbp2F2TWul0c57
Malware Config (Extracted)
  Family: mirai
  Botnet: LZRD
Signatures

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
Processes: df015ade97f1e4e20d7cbeea972e34873b8a31818c58ac6a219181a3a8ebbb10.elf
  description                    ioc                  process
  File opened for modification   /dev/watchdog        df015ade97f1e4e20d7cbeea972e34873b8a31818c58ac6a219181a3a8ebbb10.elf
  File opened for modification   /dev/misc/watchdog   df015ade97f1e4e20d7cbeea972e34873b8a31818c58ac6a219181a3a8ebbb10.elf

Enumerates running processes
Discovers information about currently running processes on the system.

Writes file to system bin folder (1 TTPs, 2 IoCs)
Processes: df015ade97f1e4e20d7cbeea972e34873b8a31818c58ac6a219181a3a8ebbb10.elf
  description                    ioc              process
  File opened for modification   /sbin/watchdog   df015ade97f1e4e20d7cbeea972e34873b8a31818c58ac6a219181a3a8ebbb10.elf
  File opened for modification   /bin/watchdog    df015ade97f1e4e20d7cbeea972e34873b8a31818c58ac6a219181a3a8ebbb10.elf

Reads runtime system information (64 IoCs)
Reads data from the /proc virtual filesystem (64 reads of /proc/<pid>/cmdline by df015ade97f1e4e20d7cbeea972e34873b8a31818c58ac6a219181a3a8ebbb10.elf).
Downloads
  memory/1548-1-0x0000000008048000-0x00000000080547a0-memory.dmp