Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240522.1-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240522.1-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    12-11-2024 02:40

General

  • Target

    928cc6c6da15f3e8df4b213fdcdb3bf7891368b36a8e8dc3eb8e9bbb513c325d.elf

  • Size

    60KB

  • MD5

    bb82428ecfa3e8da73e8e17da7024716

  • SHA1

    8814932fc5637930077f823d9e67601411d196e5

  • SHA256

    928cc6c6da15f3e8df4b213fdcdb3bf7891368b36a8e8dc3eb8e9bbb513c325d

  • SHA512

    14381d9a600ac1f05fbc7c59d39021c761889bbcfc73d8d0fe90adca204fac647d4288bea475eeb46dfd3be673e0d79b289faaccc27728795fc5f75181939eeb

  • SSDEEP

    1536:HlfdBc1C1Eocmq0qWSBN1/wNfTBsebQma:HlE1C1Eo1q0TS31/I+ebt

Malware Config

Signatures

  • Modifies Watchdog functionality (1 TTP, 2 IoCs)

    Malware such as Mirai modifies the watchdog so that it cannot reboot the infected system. A hardware watchdog that is left armed resets the device once the bot stops servicing it, so the bot disables it to keep its foothold.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory (1 TTP, 50 IoCs)

    Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials from other processes.

  • Changes its process name (1 IoC)
  • Reads runtime system information (63 IoCs)

    Reads data from /proc virtual filesystem.
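
The signature labels above are the sandbox's verdicts; the script below is an added example, not code from the report or from the sample, showing how a triager can derive the same categories from a syscall trace. Everything in it is an assumption or a constructed input: the strace-style lines are made up for illustration (and show the ioctl argument dereferenced, which real strace does not do by default), the constants WDIOC_SETOPTIONS (0x80045704) and WDIOS_DISABLECARD (0x1) are taken from <linux/watchdog.h>, the prctl(PR_SET_NAME) call is the usual way a Linux process renames itself rather than something the report attributes to this sample, and the mapping of /proc paths to categories is this script's own heuristic.

```python
"""Added example (not from the sandbox report): classify strace-style syscall
lines into the behaviour categories listed in the report's Signatures section.

Assumptions: the trace is constructed; WDIOC_SETOPTIONS / WDIOS_DISABLECARD are
the <linux/watchdog.h> values; prctl(PR_SET_NAME) stands in for the unspecified
process-rename; the /proc path -> category mapping is our own heuristic.
"""
import re
from collections import defaultdict
from typing import Dict, List

WDIOC_SETOPTIONS = 0x80045704   # _IOR('W', 4, int) from <linux/watchdog.h>
WDIOS_DISABLECARD = 0x1
WATCHDOG_DEVICES = ("/dev/watchdog", "/dev/misc/watchdog")
SYMBOLS = {"WDIOC_SETOPTIONS": WDIOC_SETOPTIONS, "WDIOS_DISABLECARD": WDIOS_DISABLECARD}

# Constructed, simplified trace for PID 1549 (not captured from the sample).
SAMPLE_TRACE = """\
1549 openat(AT_FDCWD, "/dev/watchdog", O_RDWR) = 3
1549 ioctl(3, 0x80045704, [0x1]) = 0
1549 openat(AT_FDCWD, "/dev/misc/watchdog", O_RDWR) = -1 ENOENT (No such file or directory)
1549 prctl(PR_SET_NAME, "kworker/0:3") = 0
1549 openat(AT_FDCWD, "/proc/", O_RDONLY|O_DIRECTORY) = 4
1549 openat(AT_FDCWD, "/proc/811/maps", O_RDONLY) = 5
1549 read(5, "7f2a1c000000-7f2a1c021000 rw-p"..., 4096) = 4096
1549 openat(AT_FDCWD, "/proc/811/mem", O_RDONLY) = 6
1549 openat(AT_FDCWD, "/proc/self/exe", O_RDONLY) = 7
1549 openat(AT_FDCWD, "/proc/cpuinfo", O_RDONLY) = 8
"""

OPEN_RE = re.compile(
    r'^(?P<pid>\d+)\s+openat\(AT_FDCWD, "(?P<path>[^"]+)", (?P<flags>[^)]*)\)\s*=\s*(?P<ret>-?\d+)')
IOCTL_RE = re.compile(
    r'^(?P<pid>\d+)\s+ioctl\((?P<fd>\d+), (?P<req>0x[0-9a-fA-F]+|WDIOC_SETOPTIONS), '
    r'\[(?P<arg>0x[0-9a-fA-F]+|WDIOS_DISABLECARD)\]\)')
PRCTL_RE = re.compile(r'^(?P<pid>\d+)\s+prctl\(PR_SET_NAME, "(?P<name>[^"]*)"\)')
PROC_MEM_RE = re.compile(r'^/proc/(\d+|self)/mem$')


def _value(token: str) -> int:
    """Resolve a symbolic or hex ioctl token to an integer."""
    return SYMBOLS[token] if token in SYMBOLS else int(token, 16)


def classify_trace(trace: str) -> Dict[str, List[str]]:
    """Map each category name used in the report to the trace lines that support it."""
    hits: Dict[str, List[str]] = defaultdict(list)
    fd_path: Dict[tuple, str] = {}   # (pid, fd) -> path, so an ioctl can be tied to its device
    for line in trace.splitlines():
        m = OPEN_RE.match(line)
        if m:
            path, ret = m["path"], int(m["ret"])
            if ret >= 0:
                fd_path[(m["pid"], ret)] = path
            if path in WATCHDOG_DEVICES:
                hits["Modifies Watchdog functionality"].append(f"open {path} -> {ret}")
            elif PROC_MEM_RE.match(path):
                hits["Reads process memory"].append(f"open {path}")
            elif path.rstrip("/") == "/proc" and "O_DIRECTORY" in m["flags"]:
                hits["Enumerates running processes"].append(f"list {path}")
            elif path.startswith("/proc/"):
                hits["Reads runtime system information"].append(f"open {path}")
            continue
        m = IOCTL_RE.match(line)
        if m:
            target = fd_path.get((m["pid"], int(m["fd"])), "<unknown fd>")
            # Only a SETOPTIONS with the DISABLECARD bit on a watchdog fd counts;
            # WDIOS_ENABLECARD (0x2) or ioctls on other devices are ignored.
            if (target in WATCHDOG_DEVICES
                    and _value(m["req"]) == WDIOC_SETOPTIONS
                    and _value(m["arg"]) & WDIOS_DISABLECARD):
                hits["Modifies Watchdog functionality"].append(
                    f"ioctl WDIOC_SETOPTIONS(WDIOS_DISABLECARD) on {target}")
            continue
        m = PRCTL_RE.match(line)
        if m:
            hits["Changes its process name"].append(f'prctl PR_SET_NAME "{m["name"]}"')
    return dict(hits)


if __name__ == "__main__":
    for category, evidence in classify_trace(SAMPLE_TRACE).items():
        print(f"{category}: {len(evidence)} IoC(s)")
        for item in evidence:
            print(f"    {item}")
```

Tying the ioctl to the file descriptor opened earlier is what keeps the watchdog rule from firing on unrelated ioctls; the failed open of /dev/misc/watchdog is still recorded, because the attempt itself is the indicator.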

Processes

  • /tmp/928cc6c6da15f3e8df4b213fdcdb3bf7891368b36a8e8dc3eb8e9bbb513c325d.elf
    /tmp/928cc6c6da15f3e8df4b213fdcdb3bf7891368b36a8e8dc3eb8e9bbb513c325d.elf
    • Modifies Watchdog functionality
    • Reads process memory
    • Changes its process name
    • Reads runtime system information
    PID:1549

Network

MITRE ATT&CK Enterprise v15
