Analysis

  • max time kernel
    114s
  • max time network
    115s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240522.1-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240522.1-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    03-07-2024 02:25

General

  • Target

    amd64

  • Size

    5.1MB

  • MD5

    2be087e54204a6c395e05516c53fd579

  • SHA1

    3bdad143cd168a2015aba2053e53f99a24d52ace

  • SHA256

    b60ad90687871ae94e2b33cf2320f523ee614893215335dc5958a6a705488330

  • SHA512

    2ab629a5f9637c7026069e5cc7b473968290b8eb42158dc93c46613d2b4b0ef39149f158b71dda8b2c8bbbebd58ba28cf5437fc0d083fca37deb84423a769db8

  • SSDEEP

    49152:YB9Em2vjYVfh5jw9aF8k4yHwXrD3LwJKiCb85E6l9HblTLEGdvIRKnuI:QDVf/Y4jMrDr8E+rvuK1

Score
7/10

Malware Config

Signatures

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware such as Mirai modifies the Watchdog to prevent it from restarting an infected system.

  • Creates/modifies environment variables 1 TTPs 3 IoCs

    Creating/modifying environment variables is a common persistence mechanism.

  • Modifies init.d 1 TTPs 34 IoCs

    Adds or modifies a system service, likely for persistence.

  • Modifies Bash startup script 1 TTPs 3 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 2 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 6 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/amd64
    /tmp/amd64
    1⤵
    • Enumerates kernel/hardware configuration
    PID:1542
    • /tmp/amd64
      /tmp/amd64 " "
      2⤵
      • Modifies Watchdog functionality
      • Creates/modifies environment variables
      • Modifies init.d
      • Modifies Bash startup script
      • Enumerates kernel/hardware configuration
      PID:1555
      • /usr/sbin/update-rc.d
        update-rc.d dns-udp4 defaults
        3⤵
        PID:1559
        • /usr/local/sbin/systemctl
          systemctl daemon-reload
          4⤵
          PID:1560
        • /usr/local/bin/systemctl
          systemctl daemon-reload
          4⤵
          PID:1560
        • /usr/sbin/systemctl
          systemctl daemon-reload
          4⤵
          PID:1560
        • /usr/bin/systemctl
          systemctl daemon-reload
          4⤵
          • Reads runtime system information
          PID:1560
      • /usr/bin/mount
        mount -o bind /tmp/ /proc/1555
        3⤵
        • Reads runtime system information
        PID:1597
      • /usr/sbin/service
        service cron start
        3⤵
        PID:1599
        • /usr/bin/basename
          basename /usr/sbin/service
          4⤵
          PID:1600
        • /usr/bin/basename
          basename /usr/sbin/service
          4⤵
          PID:1601
        • /usr/bin/sed
          sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
          4⤵
          • Reads runtime system information
          PID:1604
        • /usr/bin/systemctl
          systemctl list-unit-files --full "--type=socket"
          4⤵
          • Reads runtime system information
          PID:1603
      • /usr/local/sbin/systemctl
        systemctl start cron.service
        3⤵
        PID:1599
      • /usr/local/bin/systemctl
        systemctl start cron.service
        3⤵
        PID:1599
      • /usr/sbin/systemctl
        systemctl start cron.service
        3⤵
        PID:1599
      • /usr/bin/systemctl
        systemctl start cron.service
        3⤵
        • Reads runtime system information
        PID:1599
      • /usr/bin/systemctl
        systemctl start crond.service
        3⤵
        • Reads runtime system information
        PID:1613

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /.mod
    Filesize
    27B
    MD5
    f449ef47c4f79ab4ecfe3d11022333d5
    SHA1
    61ebb524cee5a049cc96bf2cbf339a47dcb1b622
    SHA256
    503dffa20530956c5f61187e00935f20fe508c35dbb1fcf665b5d28d07d3d704
    SHA512
    a7015de8bd582dbf7ce6df708a58a725e1b1cd472c6616fbb89a9738c533c042ac39c071ca0cf2fc5df8e56f33bf8a28b1ebd3076570f5028cff773af89031f6

  • /boot/system.pub
    Filesize
    5.1MB
    MD5
    2be087e54204a6c395e05516c53fd579
    SHA1
    3bdad143cd168a2015aba2053e53f99a24d52ace
    SHA256
    b60ad90687871ae94e2b33cf2320f523ee614893215335dc5958a6a705488330
    SHA512
    2ab629a5f9637c7026069e5cc7b473968290b8eb42158dc93c46613d2b4b0ef39149f158b71dda8b2c8bbbebd58ba28cf5437fc0d083fca37deb84423a769db8

  • /etc/.cfg
    Filesize
    57B
    MD5
    25bfc97b9241077f7ee65c9d5831c0ae
    SHA1
    4d1e84cfe6f0619642400cbcc77ee008d452f622
    SHA256
    7e18da2137e9453fd98ed61aa79420a173383b2f7a5fe6538b70fbb560f9b3f6
    SHA512
    e3686c1fe664e67fc503275c6c0fa831ee43c1b081d8f826a616314505e3f952f98a8697911d1799e3f8c1957cd3a1bb5f888766877e5081b32942a6f2d8bff3

  • /etc/.cfg
    Filesize
    114B
    MD5
    bbceef43eab8622a129eb403c03dadbe
    SHA1
    e578c0eeee890ff4b281005268021f2dab5fbcfc
    SHA256
    45874ff11b72da349deec0264f35ef68952bc8e1cc7e56206976ac6ea010d193
    SHA512
    7ec27673fbdc0dc433f9a47b9716730a172e5e96dceda467929be367cf2cf23c7155915b625182219f11b8f4d5eaef9292941047e09878c656b7b228af0f5c3a

  • /etc/init.d/dns-udp4
    Filesize
    159B
    MD5
    79f1a0bf1a838c817142e43a5818733a
    SHA1
    768ed04a737dbdc969165092694e0e977321ca19
    SHA256
    a3f7d4499b03a14ff2de76122b6a61c221151f59daa6a63a78ae5a805c95a482
    SHA512
    b6d6f76f3e5b768a6670e05276724b70609259c856ba90ad34f8a782ac40134b9cf5cdabebb4aa55f076a786cedf8491adda9835f9d4aee90bd1820a45b2fbce

  • /etc/profile.d/gateway.sh
    Filesize
    4KB
    MD5
    4112c36725ae465f31485ef9fa0d132d
    SHA1
    9eafc2693ebbf829390bc5f53639cb253eae9e9e
    SHA256
    f530cd599d2505c40f29bd284ce61bc7227f0579ff88160ab72a00a3ddfe0f21
    SHA512
    dcb6f4a6d592d0f8f766e39dfa5bc5b8eb52a1924c5287ed64a5fefeca344cbb4c48a596e1335b30757d30918c90d439ad453c22b62216953f44349c153a348b