Analysis
max time kernel: 149s
max time network: 146s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 12-11-2024 10:08
Static task: static1
Behavioral task: behavioral1
Sample: 4ed362103fa27a8618955696b657c80cb5f1491b282cca11ee28ef966d1a1767.elf
Resource: ubuntu2204-amd64-20240611-en
General
Target: 4ed362103fa27a8618955696b657c80cb5f1491b282cca11ee28ef966d1a1767.elf
Size: 60KB
MD5: 3466cbc89e9e6eb9f99c812a56838b23
SHA1: 089144eefb83c0974e0563f21498e003d1e52679
SHA256: 4ed362103fa27a8618955696b657c80cb5f1491b282cca11ee28ef966d1a1767
SHA512: b62e1e3db41bf29e92975dac5dc18ebb08fccfbe6d56aa6f68c03ba0ddbffe9953bb5a61e41442cf8e1bbe753a8c5b99cb8b2c47baba242a45a3f144f47a78d0
SSDEEP: 768:O44x7YY0/Z6u8f2oFdFRiF0So3q/R2s2ffSfAL9ZTXJ4YJtnw9hhtSTbhGJec15o:O4CBf2oFdOF0So1XtItSyp5vA
Malware Config
Signatures
Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
description: File opened for modification; ioc: /dev/misc/watchdog; process: 4ed362103fa27a8618955696b657c80cb5f1491b282cca11ee28ef966d1a1767.elf
description: File opened for modification; ioc: /dev/watchdog; process: 4ed362103fa27a8618955696b657c80cb5f1491b282cca11ee28ef966d1a1767.elf
Enumerates running processes
Discovers information about currently running processes on the system
Reads process memory (1 TTPs, 50 IoCs)
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
Processes:
Changes its process name (1 IoCs)
Processes:
description: Changes the process name, possibly in an attempt to hide itself; ioc: a; pid: 1569; process: 4ed362103fa27a8618955696b657c80cb5f1491b282cca11ee28ef966d1a1767.elf
Processes: