Analysis
max time kernel: 149s
max time network: 151s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 15-11-2024 02:07
Behavioral task: behavioral1
Sample: xd.x86.elf
Resource: ubuntu2204-amd64-20240611-en
General
Target: xd.x86.elf
Size: 34KB
MD5: 2418d9a000b6cbe0ca2cfff5d3609845
SHA1: da877581a3e847d530b8eb01ebb449d9239bd897
SHA256: e418494cf141c103f0ca8787f67405c35eb73464952c81bc0c1162680b8448de
SHA512: 08e1547e5d24cda19398521e1af710e5a98ff39e35e8e9809114621755fe0607cc62f5330884a1201d85276a1322686ee0c8f37f4ebf4aa6efdfd5d6afb122f7
SSDEEP: 768:Cwpimf3s1PpmFla2VIlpQwBvfo4nUGaTo5yNp0axChRVunbcuyD7UHQRjB:CQimfImja2VypQwvUIipLm3unouy8HyN
Malware Config
Extracted: mirai
LZRD
Signatures
- Mirai family
- Contacts a large (20612) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description                    ioc                  Process
  File opened for modification   /dev/watchdog        xd.x86.elf
  File opened for modification   /dev/misc/watchdog   xd.x86.elf
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads process memory (1 TTPs, 64 IoCs)
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.