Analysis
max time kernel: 149s
max time network: 154s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240611-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 03/08/2024, 01:08
General
Target: 17249c1c3b937ce94a977a060bb004cfd7bc48d7b86dc9a05be2fdd9f2c384c3.elf
Size: 29KB
MD5: 95ff28a79fde2699c4e958a402805046
SHA1: 79ccdc94a94ad5b049429ce24d39b2de2687d40e
SHA256: 17249c1c3b937ce94a977a060bb004cfd7bc48d7b86dc9a05be2fdd9f2c384c3
SHA512: 322faef0ade53e48a17a5b106be2c8f27c5804b5fcf0c3c07eabfcf99d88cb2b7364d521ff0c91d674569a379ec91596b4563132deb045639ed5d9a2773fa28b
SSDEEP: 768:mH4U61C/tREq04B3zEVZ7E/WCI5ujy0Hm5ESEPgD7nbcuyD7UHQRjX:m9wsEX4B3I37SPjLHm5Els7nouy8HyL
Malware Config
Extracted
mirai
MIRAI
Signatures
- Contacts a large (20282) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description                  | ioc                | Process
  File opened for modification | /dev/watchdog      | 17249c1c3b937ce94a977a060bb004cfd7bc48d7b86dc9a05be2fdd9f2c384c3.elf
  File opened for modification | /dev/misc/watchdog | 17249c1c3b937ce94a977a060bb004cfd7bc48d7b86dc9a05be2fdd9f2c384c3.elf
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from /proc virtual filesystem.
  description             | ioc           | Process
  File opened for reading | /proc/net/tcp | 17249c1c3b937ce94a977a060bb004cfd7bc48d7b86dc9a05be2fdd9f2c384c3.elf
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
  description             | ioc           | Process
  File opened for reading | /proc/net/tcp | 17249c1c3b937ce94a977a060bb004cfd7bc48d7b86dc9a05be2fdd9f2c384c3.elf
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.