Analysis
-
max time kernel
149s -
max time network
151s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240522.1-en -
resource tags
-
submitted
21/11/2024, 04:10
General
-
Target
3271bbdb49f6a5a4ad4cba1256e4805d1ada650f36e0086259bd9ab7d39f4667.elf
-
Size
64KB
-
MD5
d75ffd62da3b5eb4fe3338a07522b57f
-
SHA1
ebd1de41f2c916e6ea2fa012b29115cb915bebe9
-
SHA256
3271bbdb49f6a5a4ad4cba1256e4805d1ada650f36e0086259bd9ab7d39f4667
-
SHA512
22d8031c08c4b9366d20abc26e8f1f4dcde7ac7b89990c04f152bed3b81e185947bfe259df3018baad726145767d9d36fc0cd8a3303792cc42b5f37d680ba606
-
SSDEEP
1536:v8fIhfwui9pfcS6xGQvmgd5NXJwuIu52oR3z:I6M99cXGwXJwuP5Rdz
Score
9/10
Malware Config
Signatures
-
Contacts a large (76764) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Changes its process name 1 IoCs
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/3271bbdb49f6a5a4ad4cba1256e4805d1ada650f36e0086259bd9ab7d39f4667.elf/tmp/3271bbdb49f6a5a4ad4cba1256e4805d1ada650f36e0086259bd9ab7d39f4667.elf1⤵
- Modifies Watchdog functionality
- Changes its process name
- Reads runtime system information