Analysis
max time kernel
143s
max time network
152s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags
arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted
03/08/2024, 02:23
General
Target
e20846f76f42befad824f875d34ea50d5ca63fb35604960000a213166614f9c1.elf
Size
46KB
MD5
e83939eed7a97b59d4d1d72fb8ab12bb
SHA1
5a9ad331ba5364752987a644efd8733b44d6ca16
SHA256
e20846f76f42befad824f875d34ea50d5ca63fb35604960000a213166614f9c1
SHA512
90eca2737c4a1e0aaf75f2fc8ec0346790d1686068970adb71b70c2740a14e1a87c8440c191bb17c721e7c8c62d0b985c98da8bd5b5bb1422b472990df8414e4
SSDEEP
768:yg7D/8yJ3kF+OA063FHD+KQvhmRpeibHH8yc7FUldHZv/EJbYrTZOf3JFim/wXgA:ND8pF+OAxgKPpzHcyp75v/qdim4YFuAU
Malware Config
Signatures
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
| description | ioc | Process |
| --- | --- | --- |
| File opened for modification | /dev/watchdog | e20846f76f42befad824f875d34ea50d5ca63fb35604960000a213166614f9c1.elf |
| File opened for modification | /dev/misc/watchdog | e20846f76f42befad824f875d34ea50d5ca63fb35604960000a213166614f9c1.elf |
Changes its process name 1 IoCs
| description | ioc | pid | Process |
| --- | --- | --- | --- |
| Changes the process name, possibly in an attempt to hide itself | /var/www/html | 2524 | e20846f76f42befad824f875d34ea50d5ca63fb35604960000a213166614f9c1.elf |
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
| description | ioc | Process |
| --- | --- | --- |
| File opened for reading | /proc/self/exe | e20846f76f42befad824f875d34ea50d5ca63fb35604960000a213166614f9c1.elf |