Analysis
max time kernel: 147s
max time network: 149s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 15-11-2024 22:32
Behavioral task: behavioral1
Sample: Satan.x86.elf
Resource: ubuntu2204-amd64-20240611-en
6 signatures
150 seconds
General
Target: Satan.x86.elf
Size: 37KB
MD5: 08cf04b0ad15a8c7c449088e16315353
SHA1: ffacbdbcd817f007e6c57c54b4bbbf69c717670e
SHA256: 45dfa91dd7d2e4786d97d8306ecd7ddb681ee47307c5c71adfa363a99579e9a7
SHA512: 5484205f6981d97b2712a1d1b9ae18133ddd279aa466a0fb4da48e4613a9e33a45d2f83fe938a890308c1fab93f6ef44c0665c8b2d21990fe2284c88909adcae
SSDEEP: 768:ha+BWS+ZPwIIBPGXna4nvdQL5zc6R96SMO/ieUeSMIAdhLc8Cf71nbcuyD7UrQRq:ha+BH+hKBAa4Vcc6RwSMO/ieCMzXI8CB
Score: 10/10
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures
Mirai family
Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | Satan.x86.elf
File opened for modification | /dev/misc/watchdog | Satan.x86.elf
Enumerates running processes
Discovers information about currently running processes on the system
Writes file to system bin folder (2 IoCs)
description | ioc | Process
File opened for modification | /sbin/watchdog | Satan.x86.elf
File opened for modification | /bin/watchdog | Satan.x86.elf