Analysis
max time kernel: 149s
max time network: 153s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240611-en
resource tags: arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system
submitted: 03-12-2024 23:56
Behavioral task: behavioral1
Sample: teste.i686.elf
Resource: ubuntu1804-amd64-20240611-en
General
Target: teste.i686.elf
Size: 114KB
MD5: 0b7cc02ae3cbb3612d762ec91eff75b6
SHA1: 9d355d2c9257deec9f734d504051bb821dde1c2c
SHA256: cd1268c5152cc51f4d978f8616d7149175b7bb6f231a38ff8543f41f5de552b0
SHA512: e762bd509477e43a1a4ee4d76a9977015d17bd737ed10f449af9f8c65be14c9eb48f8bf7a556b66f8227a38a8fbfac85af1ce9a9224981268041e22d9b6e1461
SSDEEP: 3072:+0f4VOiwnsrDpX4zXrtFxzyzsgD/hj+Q:34VOiwnsrDpX4zXoxqQ
Malware Config
Signatures
Contacts a large (76254) amount of remote hosts (1 TTP)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware such as Mirai opens the hardware watchdog device and disables it, so that the watchdog cannot reboot an infected system; a reboot would evict the memory-resident payload.
description | ioc | process
File opened for modification | /dev/watchdog | teste.i686.elf
File opened for modification | /dev/misc/watchdog | teste.i686.elf
Enumerates running processes (64 IoCs)
Discovers information about currently running processes on the system.
description | ioc | process
File opened for reading | /proc/<pid>/cmdline | teste.i686.elf, for pid in: 89, 442, 1164, 2, 6, 27, 451, 1121, 1478, 31, 156, 172, 431, 1069, 1139, 1226, 1469, 84, 154, 169, 435, 449, 1033, 1300, 13, 161, 559, 949, 1175, 80, 167, 1244, 3, 645, 947, 1179, 1181, 1477, 9, 12, 517, 1475, 1479, 30, 709, 952, 1177, 1301, 1472, 26, 34, 157, 444, 1009, 1039, 11, 18, 23, 25, 159, 166, 168, 249, 1161

Writes file to system bin folder (2 IoCs)
description | ioc | process
File opened for modification | /sbin/watchdog | teste.i686.elf
File opened for modification | /bin/watchdog | teste.i686.elf

Changes its process name (1 IoC)
description | pid | process
Changes the process name, possibly in an attempt to hide itself | 1474 | teste.i686.elf
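As an added triage example (not part of the sandbox report or of any sandbox's own rule engine), the following Python re-derives the watchdog, system-bin and process-enumeration signatures above from IoC lines written in the report's own "File opened for <mode> <path> <process>" shape. The input lines are constructed from the IoCs in this report; the rule names mirror the report's signature names, while the watchdog device list, the system-bin directory list and the pid threshold are this example's assumptions.

```python
"""Re-derive Mirai-style behavioural signatures from sandbox IoC lines.

Added example: not the sandbox's code. Parses lines in the report's
"File opened for <reading|modification> <path> <process>" form and
applies three rules modelled on the report's signatures.
"""
import re
from collections import defaultdict

# Constructed input, modelled on the IoC tables in the report above.
SAMPLE_IOCS = [
    "File opened for modification /dev/watchdog teste.i686.elf",
    "File opened for modification /dev/misc/watchdog teste.i686.elf",
    "File opened for modification /sbin/watchdog teste.i686.elf",
    "File opened for modification /bin/watchdog teste.i686.elf",
] + [
    f"File opened for reading /proc/{pid}/cmdline teste.i686.elf"
    for pid in (89, 442, 1164, 2, 6, 27, 451, 1121, 1478, 31, 156, 172)
]

IOC_RE = re.compile(
    r"^File opened for (?P<mode>reading|modification) (?P<path>\S+) (?P<proc>\S+)$"
)
PROC_CMDLINE_RE = re.compile(r"^/proc/(\d+)/cmdline$")

# Assumptions of this example, not values taken from the sandbox.
WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog"}
SYSTEM_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")
PROC_ENUM_THRESHOLD = 10  # distinct /proc/<pid>/cmdline reads before "enumeration"


def parse_iocs(lines):
    """Return (mode, path, process) tuples; lines that do not match are skipped."""
    parsed = []
    for line in lines:
        m = IOC_RE.match(line.strip())
        if m:
            parsed.append((m["mode"], m["path"], m["proc"]))
    return parsed


def evaluate(iocs, proc_threshold=PROC_ENUM_THRESHOLD):
    """Map each triggered signature name to the evidence that triggered it.

    Watchdog and bin-folder rules fire per matching path; the process
    enumeration rule fires once, on the number of distinct pids read.
    """
    hits = defaultdict(list)
    pids_read = set()
    for mode, path, _proc in iocs:
        if mode == "modification" and path in WATCHDOG_DEVICES:
            hits["Modifies Watchdog functionality"].append(path)
        if mode == "modification" and path.startswith(SYSTEM_BIN_DIRS):
            hits["Writes file to system bin folder"].append(path)
        m = PROC_CMDLINE_RE.match(path)
        if mode == "reading" and m:
            pids_read.add(int(m.group(1)))
    if len(pids_read) >= proc_threshold:
        hits["Enumerates running processes"] = sorted(pids_read)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in evaluate(parse_iocs(SAMPLE_IOCS)).items():
        print(f"{name}: {evidence}")
```

The report records each bin-folder IoC as an open for modification, not a confirmed write, and both paths are themselves named watchdog and are opened by the same process that opened /dev/watchdog, so read the two signatures together when triaging rather than counting the bin-folder hits on their own as a dropped binary. The pid threshold is deliberately low: a legitimate process manager reads a handful of cmdline files, while the sample above read 64.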