Analysis

- max time kernel: 122s
- max time network: 152s
- platform: ubuntu-22.04_amd64
- resource: ubuntu2204-amd64-20240611-en
- resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
- submitted: 06/12/2024, 05:01
Behavioral task: behavioral1

- Sample: main_x86.elf
- Resource: ubuntu2204-amd64-20240611-en
General

- Target: main_x86.elf
- Size: 44KB
- MD5: cbd31095fc9ce62c02b04ed61eaee1a6
- SHA1: e6a5df104379db435807ba2b89d728291327947e
- SHA256: 71fec85ddee9e66b50341b0494d92b25333b1e148c14490fdc2e03f97173f09c
- SHA512: fece8e04c78a54a11c66710fd92ff2f40ee5186d655ac63d5ae379730aaf709240bdcb9aa8889446fef7e24686189ad1ea1cb6477fa2f91a25aaa964517268aa
- SSDEEP: 768:yHHmunAhv1xoS24usX6Vrpv3htyfoGE4mLWPYlBCH+g3acygH:yHHRnAhv/oS24hXQpv5GEAPYfCeg3Jym
Malware Config
Signatures

- Contacts a large (86370) amount of remote hosts [1 TTP]
  This may indicate a network scan to discover remotely running services.

- Creates a large amount of network flows [1 TTP]
  This may indicate a network scan to discover remotely running services.

- Modifies Watchdog functionality [1 TTP, 2 IoCs]
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
  description | ioc | Process
  File opened for modification | /dev/watchdog | main_x86.elf
  File opened for modification | /dev/misc/watchdog | main_x86.elf

- Enumerates active TCP sockets [1 TTP, 1 IoC]
  Gets active TCP sockets from the /proc virtual filesystem.
  description | ioc | Process
  File opened for reading | /proc/net/tcp | main_x86.elf

- Enumerates running processes
  Discovers information about currently running processes on the system.

- Changes its process name [1 IoC]
  description | pid | Process
  Changes the process name, possibly in an attempt to hide itself | 1587 | main_x86.elf

- Reads system network configuration [1 TTP, 1 IoC]
  Uses the contents of the /proc filesystem to enumerate network settings.
  description | ioc | Process
  File opened for reading | /proc/net/tcp | main_x86.elf