8479352f78c686a2186e6919a8a6b062c8c8c155cbab9034cb1999671fc46327

Analysis

max time kernel
149s
max time network
150s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
23-11-2024 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
Size

77KB
MD5

9c082fee0cd065b7d60d9bf07337adf2
SHA1

48c4cc659d9f4bff4d77aa0ab50aee5292abcaee
SHA256

8479352f78c686a2186e6919a8a6b062c8c8c155cbab9034cb1999671fc46327
SHA512

0673a463d801bf60a4e174f3baa1b85864bdf1548e956b8e28bf1caedfec9bddd67a9e7cc17c5417d23e75f9c5529a0d584a604b00fe6d58b1d684925b436194
SSDEEP

1536:y3UABX0MyjCIMs3dltujNcdl/qJ9xZZxJ+BANoEQ1It3R+yd570WabG8j0tZRX1F:+T6MyjRDdlQpGM3rkk

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for modification	/dev/misc/watchdog	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for modification	/bin/watchdog	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/754/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1048/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1402/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2015/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2112/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/9/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/15/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/197/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2233/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2282/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/438/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/813/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1888/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2506/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/772/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1042/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2505/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/200/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1696/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1793/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1921/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2150/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/11/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/19/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/55/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2153/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/418/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2002/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/40/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/43/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/235/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/190/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/202/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/761/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/786/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2203/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/28/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/44/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/52/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/791/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1827/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2445/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/49/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/199/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/788/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/27/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/45/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/51/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/196/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/198/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/8/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/13/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/24/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2212/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2239/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2246/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/189/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/386/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/583/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2164/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/10/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/26/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/127/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2027/status	2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp

/tmp/2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
/tmp/2459-1-0x0000000000400000-0x0000000000614b00-memory.dmp
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Reads runtime system information
PID:2509

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads