Analysis

max time kernel: 149s
max time network: 152s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240611-en
resource tags: arch:amd64 arch:i386 image:ubuntu2204-amd64-20240611-en kernel:5.15.0-105-generic locale:en-us os:ubuntu-22.04-amd64 system
submitted: 03-12-2024 23:59
Behavioral task: behavioral1
Sample: teste.i686.elf
Resource: ubuntu2204-amd64-20240611-en
General

Target: teste.i686.elf
Size: 114KB
MD5: 0b7cc02ae3cbb3612d762ec91eff75b6
SHA1: 9d355d2c9257deec9f734d504051bb821dde1c2c
SHA256: cd1268c5152cc51f4d978f8616d7149175b7bb6f231a38ff8543f41f5de552b0
SHA512: e762bd509477e43a1a4ee4d76a9977015d17bd737ed10f449af9f8c65be14c9eb48f8bf7a556b66f8227a38a8fbfac85af1ce9a9224981268041e22d9b6e1461
SSDEEP: 3072:+0f4VOiwnsrDpX4zXrtFxzyzsgD/hj+Q:34VOiwnsrDpX4zXoxqQ
Malware Config
Signatures

- Contacts a large (76772) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.

- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.

- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description: File opened for modification; ioc: /dev/watchdog; Process: teste.i686.elf
  description: File opened for modification; ioc: /dev/misc/watchdog; Process: teste.i686.elf

- Enumerates running processes
  Discovers information about currently running processes on the system
  description: File opened for reading; Process: teste.i686.elf; ioc: /proc/<pid>/cmdline for each of the following pids (in the order reported):
  11, 96, 97, 214, 409, 413, 527, 759, 1049, 1142, 1209, 678, 745, 1168, 1595, 399, 411, 780, 1081, 1177, 24, 26, 215, 674, 1071, 25, 525, 597, 761, 959, 988, 1588, 1623, 3, 12, 259, 582, 603, 1195, 1528, 1547, 1622, 2, 88, 109, 864, 112, 584, 1184, 1201, 210, 213, 1041, 1371, 410, 838, 1051, 1097, 1169, 1247, 1398, 1561, 13, 14

- Writes file to system bin folder (2 IoCs)
  description: File opened for modification; ioc: /sbin/watchdog; Process: teste.i686.elf
  description: File opened for modification; ioc: /bin/watchdog; Process: teste.i686.elf

- Changes its process name (1 IoCs)
  description: Changes the process name, possibly in an attempt to hide itself; pid: 1587; Process: teste.i686.elf