a0bdfac0c6994a2e25543c030e85676c91bf3a07e987a6cae9bf1a3c16982e17

Analysis

max time kernel
148s
max time network
132s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240611-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
25-07-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
Size

22KB
MD5

1aecef300d427d43520f9429f0720a1d
SHA1

cdfdf9a01ab167fb947f65b2f52e7aa3585a5bf9
SHA256

06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5
SHA512

2708d4ee71faf4f67571c58cd8fa6051eb790113a938e3a4c7b8beed170e44bf717ea3f6c0352dea5a85c4501cc29cf61ff122025c7a148eb4370a791e982914
SSDEEP

384:MviiBi3f2PSrf64K5WFSlvNjXX+18lKaHWXVfDJ8xNz6p4BXoGUGOuAZ0NjKzsRM:BiBiv2PSbePxNbX+142XVfDCv6ZsjKu4

Score

7^/10

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for modification	/dev/misc/watchdog	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 1 TTPs 2 IoCs

Hijack Execution Flow

T1574

description	ioc	Process
File opened for modification	/sbin/watchdog	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for modification	/bin/watchdog	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/970/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1158/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1054/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1071/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1088/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/608/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/616/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/967/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/443/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/788/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1041/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1045/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1098/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1147/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1023/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/498/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/934/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/981/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/486/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/611/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1090/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1091/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1397/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/800/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/807/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/578/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/579/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/648/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1075/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1102/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1257/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/694/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/783/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/927/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/949/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1074/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/452/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/805/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1073/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1082/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1207/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1419/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/440/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/525/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/813/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/898/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1077/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/546/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1117/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1184/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1396/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/453/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/526/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/991/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/996/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/584/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1115/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1241/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1064/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1072/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/510/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/652/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/1119/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
File opened for reading	/proc/589/cmdline	06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf

/tmp/06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
/tmp/06bef7f1edfc51a69156836110b5e25610d978ed85b89012372740c37e2f74c5.elf
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Reads runtime system information
PID:1398

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads