Analysis
max time kernel: 136s
max time network: 148s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 20-11-2024 18:38
Behavioral task: behavioral1
Sample: x86.elf
Resource: ubuntu2204-amd64-20240611-en
6 signatures
150 seconds
General
Target: x86.elf
Size: 37KB
MD5: edf612986dba9abff11a7530fa06d3c2
SHA1: c39e5ecf48ed660df4c93353744955bebfb91636
SHA256: d7800781555066e97a3165a99ca416c452f0d60d9160fdcc62e842311c8664f0
SHA512: 0dd292e9760c9ac15b06809133d8296f21250085c803585be73abcd1d1faacbf07bb28a0703943f65c0bc66e0c6311b3342a1c39e118dfae6491b5f7b7eeda9f
SSDEEP: 768:4a+BWS+ZPwIIBPGXna4nvdQL5zc6R96SMO/ieUeSMI68nCmqnbcuyD7UrQRj/:4a+BH+hKBAa4Vcc6RwSMO/ieCME2nouG
Score: 10/10
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures

Mirai family

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description                    ioc                   Process
File opened for modification   /dev/misc/watchdog    x86.elf
File opened for modification   /dev/watchdog         x86.elf

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder (2 IoCs)
description                    ioc                   Process
File opened for modification   /bin/watchdog         x86.elf
File opened for modification   /sbin/watchdog        x86.elf