Analysis
- max time kernel: 149s
- max time network: 153s
- platform: ubuntu-22.04_amd64
- resource: ubuntu2204-amd64-20240611-en
- resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
- submitted: 03/08/2024, 21:51
General
- Target: xd.x86.elf
- Size: 31KB
- MD5: bb45ec0586ba96c99c03786a50c4f490
- SHA1: 50c839588299bd6ffb98675be333efae88d47262
- SHA256: 10d183eb64391a8f0e1c3d778e82f50cd5c802136b4c10c3bc00fde4b4863221
- SHA512: 46da474f86e67383ce5d9ea2d065444f4a3deb3a03d2d78ba554e78801c3f5362005d0d36448f2a5c8d5be8e4d8f63c46290db62fedc164b5efd472dd2395e9f
- SSDEEP: 768:9YOrsW7QTAK05lsehQ6cOuk/6sHceu/qU+E/cE9QF:9NrHoAK0hTmY98eu/qU+7V
Malware Config
- Extracted: mirai (LZRD)
Signatures
- Contacts a large number (20554) of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large number of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTP, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
  Description                     IoC                   Process
  File opened for modification    /dev/watchdog         xd.x86.elf
  File opened for modification    /dev/misc/watchdog    xd.x86.elf
- Enumerates active TCP sockets (1 TTP, 1 IoC)
  Gets active TCP sockets from the /proc virtual filesystem.
  Description                     IoC                   Process
  File opened for reading         /proc/net/tcp         xd.x86.elf
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads system network configuration (1 TTP, 1 IoC)
  Uses contents of the /proc filesystem to enumerate network settings.
  Description                     IoC                   Process
  File opened for reading         /proc/net/tcp         xd.x86.elf
- Reads runtime system information (64 IoCs)
  Reads data from the /proc virtual filesystem.