Analysis
max time kernel: 132s
max time network: 151s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 13/10/2024, 01:59
Behavioral task: behavioral1
Sample: fdfb62667a735e470431ef539115b3af0c5fc9cff2ba7d8ff519c40b1a07ab11.elf
Resource: ubuntu2204-amd64-20240611-en
General
Target: fdfb62667a735e470431ef539115b3af0c5fc9cff2ba7d8ff519c40b1a07ab11.elf
Size: 34KB
MD5: 3ae258f1c4855a11e0a21e8d63dcf69f
SHA1: 7c1bec498bbd9948782b1fe1752fab73f51eea81
SHA256: fdfb62667a735e470431ef539115b3af0c5fc9cff2ba7d8ff519c40b1a07ab11
SHA512: 5f9e9f6471115b6260a6a75ab694ec3eca53b40537c5653d4eb63593648e416601e868742f4c49266adf518189f7db2333d3b5f78f0d81fc81b150f4d989cfda
SSDEEP: 768:TdSc/lBMfEnujNo0JqMA3NWBp3MW2k0NrBMqEI/WZ6n/:TvlBMfnZo0JDAdWB6W2bNrBMpI/WQ/
Malware Config
Extracted: mirai
bot.merisprivate.net
Signatures

Contacts a large (3074) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | fdfb62667a735e470431ef539115b3af0c5fc9cff2ba7d8ff519c40b1a07ab11.elf
File opened for modification | /dev/misc/watchdog | fdfb62667a735e470431ef539115b3af0c5fc9cff2ba7d8ff519c40b1a07ab11.elf

Writes file to system bin folder (2 IoCs)
description | ioc | Process
File opened for modification | /bin/watchdog | fdfb62667a735e470431ef539115b3af0c5fc9cff2ba7d8ff519c40b1a07ab11.elf
File opened for modification | /sbin/watchdog | fdfb62667a735e470431ef539115b3af0c5fc9cff2ba7d8ff519c40b1a07ab11.elf

Changes its process name (1 IoCs)
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | /var/ftper | 1586 | fdfb62667a735e470431ef539115b3af0c5fc9cff2ba7d8ff519c40b1a07ab11.elf