Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    12-11-2024 02:20

General

  • Target

    4ed362103fa27a8618955696b657c80cb5f1491b282cca11ee28ef966d1a1767.elf

  • Size

    60KB

  • MD5

    3466cbc89e9e6eb9f99c812a56838b23

  • SHA1

    089144eefb83c0974e0563f21498e003d1e52679

  • SHA256

    4ed362103fa27a8618955696b657c80cb5f1491b282cca11ee28ef966d1a1767

  • SHA512

    b62e1e3db41bf29e92975dac5dc18ebb08fccfbe6d56aa6f68c03ba0ddbffe9953bb5a61e41442cf8e1bbe753a8c5b99cb8b2c47baba242a45a3f144f47a78d0

  • SSDEEP

    768:O44x7YY0/Z6u8f2oFdFRiF0So3q/R2s2ffSfAL9ZTXJ4YJtnw9hhtSTbhGJec15o:O4CBf2oFdOF0So1XtItSyp5vA

Malware Config

Signatures

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory 1 TTPs 51 IoCs

    Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

  • Changes its process name 1 IoCs
  • Reads runtime system information 62 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/4ed362103fa27a8618955696b657c80cb5f1491b282cca11ee28ef966d1a1767.elf
    • Modifies Watchdog functionality
    • Reads process memory
    • Changes its process name
    • Reads runtime system information
    PID:1565

Network

MITRE ATT&CK Enterprise v15
