Analysis

max time kernel: 102s
max time network: 153s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20241127-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20241127-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 06/12/2024, 05:04

Behavioral task: behavioral1
Sample: main_x86.elf
Resource: ubuntu2004-amd64-20241127-en
General

Target: main_x86.elf
Size: 44KB
MD5: cbd31095fc9ce62c02b04ed61eaee1a6
SHA1: e6a5df104379db435807ba2b89d728291327947e
SHA256: 71fec85ddee9e66b50341b0494d92b25333b1e148c14490fdc2e03f97173f09c
SHA512: fece8e04c78a54a11c66710fd92ff2f40ee5186d655ac63d5ae379730aaf709240bdcb9aa8889446fef7e24686189ad1ea1cb6477fa2f91a25aaa964517268aa
SSDEEP: 768:yHHmunAhv1xoS24usX6Vrpv3htyfoGE4mLWPYlBCH+g3acygH:yHHRnAhv/oS24hXQpv5GEAPYfCeg3Jym
Malware Config
Signatures
Contacts a large number (73678) of remote hosts (1 TTP)
This may indicate a network scan to discover remotely running services.

Creates a large number of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.
Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system: if the bot hangs the device, a hardware watchdog that is still armed would reboot it and clear the infection from memory.

description                   ioc                  Process
File opened for modification  /dev/watchdog        main_x86.elf
File opened for modification  /dev/misc/watchdog   main_x86.elf
Enumerates active TCP sockets (1 TTP, 1 IoC)
Gets active TCP sockets from the /proc virtual filesystem.

description              ioc              Process
File opened for reading  /proc/net/tcp    main_x86.elf
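The "Enumerates active TCP sockets" signature above and the "Reads system network configuration" signature further down fire on the same read of /proc/net/tcp. The following is an added example for this report, not code recovered from main_x86.elf: it parses that file the way any userland tool has to (host-order hex addresses, hex ports, hex state codes) and then resolves each listening socket to its owning process through the `socket:[inode]` links in /proc/<pid>/fd and the /proc/<pid>/exe link, the same lookup that accounts for the per-pid fd and exe reads listed in this report. Mirai's process killer uses exactly this chain to find and kill competing telnet and SSH daemons; whether this sample does the same is an assumption, not something the sandbox states. The /proc/net/tcp text and the /proc tree are constructed and built in a temporary directory so the example runs offline.

```python
"""Parse /proc/net/tcp and map listening sockets to owning pids via /proc/<pid>/fd.

Added example; not code from the analysed sample. Runs against a constructed
/proc snapshot in a temp dir; pass "/proc" and the real file on a live host.
"""
import os
import socket
import struct
import tempfile

# Kernel TCP state codes as printed (hex) in the "st" column.
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
              "06": "TIME_WAIT", "08": "CLOSE_WAIT", "0A": "LISTEN"}

# Constructed /proc/net/tcp content (not captured from the sandbox run):
# a telnetd on 0.0.0.0:23, an sshd on 127.0.0.1:22, one outbound HTTP flow.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18022 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21511 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:A0F2 2D2DC8D0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 24873 1 0000000000000000 20 4 30 10 -1
"""


def _decode_endpoint(field):
    """'0100007F:0016' -> ('127.0.0.1', 22). The address is a host-order
    (little-endian on x86) 32-bit value printed as 8 hex digits."""
    addr_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16))), int(port_hex, 16)


def parse_proc_net_tcp(text):
    """One dict per socket row; the header line is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 10:
            continue
        rows.append({"local": _decode_endpoint(cols[1]),
                     "remote": _decode_endpoint(cols[2]),
                     "state": TCP_STATES.get(cols[3], cols[3]),
                     "uid": int(cols[7]), "inode": int(cols[9])})
    return rows


def listening_inodes(rows):
    """{local_port: socket inode} for every LISTEN socket."""
    return {r["local"][1]: r["inode"] for r in rows if r["state"] == "LISTEN"}


def socket_owners(proc_root):
    """Walk <proc_root>/<pid>/fd and map socket inode -> pid. Each fd symlink
    of a socket reads 'socket:[<inode>]'. Reading another user's fd directory
    needs root, so unreadable pids are skipped rather than aborting the scan."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if target.startswith("socket:[") and target.endswith("]"):
                owners[int(target[8:-1])] = int(pid)
    return owners


def owners_of_listening_ports(tcp_text, proc_root):
    """{port: (pid, exe path)} for each listening socket whose owner is visible."""
    owners, result = socket_owners(proc_root), {}
    for port, inode in listening_inodes(parse_proc_net_tcp(tcp_text)).items():
        pid = owners.get(inode)
        if pid is None:
            continue
        try:
            exe = os.readlink(os.path.join(proc_root, str(pid), "exe"))
        except OSError:
            exe = None
        result[port] = (pid, exe)
    return result


def build_fake_proc(root):
    """Constructed snapshot: pid 1234 owns inode 18022 (telnetd), pid 777 owns
    inode 21511 (sshd) and also holds a pipe that must be ignored."""
    for pid, exe, fds in ((1234, "/usr/sbin/telnetd", {"3": "socket:[18022]"}),
                          (777, "/usr/sbin/sshd", {"3": "socket:[21511]", "4": "pipe:[9001]"})):
        fd_dir = os.path.join(root, str(pid), "fd")
        os.makedirs(fd_dir)
        os.symlink(exe, os.path.join(root, str(pid), "exe"))  # dangling link is fine
        for fd, target in fds.items():
            os.symlink(target, os.path.join(fd_dir, fd))


def demo():
    """Run the mapping against the constructed snapshot; returns {port: (pid, exe)}."""
    with tempfile.TemporaryDirectory() as root:
        build_fake_proc(root)
        return owners_of_listening_ports(SAMPLE_PROC_NET_TCP, root)


if __name__ == "__main__":
    for port, (pid, exe) in sorted(demo().items()):
        print(f"tcp/{port} is owned by pid {pid} ({exe})")
```

Two details matter when reading real output: the address column is in host byte order, so the same code run on a big-endian MIPS router must pack with `>I` instead, and IPv6 listeners live in /proc/net/tcp6 with 32 hex digits per address, which this parser does not cover.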
Enumerates running processes (IoCs)
Discovers information about currently running processes on the system.

description              ioc              Process
File opened for reading  /proc/521/fd     main_x86.elf
File opened for reading  /proc/533/fd     main_x86.elf
File opened for reading  /proc/642/exe    main_x86.elf
File opened for reading  /proc/666/exe    main_x86.elf
File opened for reading  /proc/832/exe    main_x86.elf
File opened for reading  /proc/1424/exe   main_x86.elf
File opened for reading  /proc/1574/exe   main_x86.elf
File opened for reading  /proc/470/fd     main_x86.elf
File opened for reading  /proc/558/fd     main_x86.elf
File opened for reading  /proc/449/exe    main_x86.elf
File opened for reading  /proc/799/exe    main_x86.elf
File opened for reading  /proc/456/fd     main_x86.elf
File opened for reading  /proc/482/exe    main_x86.elf
File opened for reading  /proc/1519/exe   main_x86.elf
File opened for reading  /proc/1421/exe   main_x86.elf
File opened for reading  /proc/456/exe    main_x86.elf
File opened for reading  /proc/920/exe    main_x86.elf
File opened for reading  /proc/953/exe    main_x86.elf
File opened for reading  /proc/1418/exe   main_x86.elf
File opened for reading  /proc/633/exe    main_x86.elf
File opened for reading  /proc/1513/exe   main_x86.elf
File opened for reading  /proc/1864/exe   main_x86.elf
File opened for reading  /proc/1900/exe   main_x86.elf
File opened for reading  /proc/401/exe    main_x86.elf
File opened for reading  /proc/639/exe    main_x86.elf
File opened for reading  /proc/1179/exe   main_x86.elf
File opened for reading  /proc/1644/exe   main_x86.elf
File opened for reading  /proc/399/fd     main_x86.elf
File opened for reading  /proc/1615/exe   main_x86.elf
File opened for reading  /proc/1627/exe   main_x86.elf
File opened for reading  /proc/454/fd     main_x86.elf
File opened for reading  /proc/515/fd     main_x86.elf
File opened for reading  /proc/583/exe    main_x86.elf
File opened for reading  /proc/1599/exe   main_x86.elf
File opened for reading  /proc/1673/exe   main_x86.elf
File opened for reading  /proc/442/fd     main_x86.elf
File opened for reading  /proc/482/fd     main_x86.elf
File opened for reading  /proc/492/fd     main_x86.elf
File opened for reading  /proc/948/exe    main_x86.elf
File opened for reading  /proc/1639/exe   main_x86.elf
File opened for reading  /proc/792/exe    main_x86.elf
File opened for reading  /proc/959/exe    main_x86.elf
File opened for reading  /proc/966/exe    main_x86.elf
File opened for reading  /proc/1409/exe   main_x86.elf
File opened for reading  /proc/1/fd       main_x86.elf
File opened for reading  /proc/402/exe    main_x86.elf
File opened for reading  /proc/1002/exe   main_x86.elf
File opened for reading  /proc/1529/exe   main_x86.elf
File opened for reading  /proc/454/exe    main_x86.elf
File opened for reading  /proc/475/exe    main_x86.elf
File opened for reading  /proc/751/exe    main_x86.elf
File opened for reading  /proc/896/exe    main_x86.elf
File opened for reading  /proc/1549/exe   main_x86.elf
File opened for reading  /proc/1569/exe   main_x86.elf
File opened for reading  /proc/1590/exe   main_x86.elf
File opened for reading  /proc/514/exe    main_x86.elf
File opened for reading  /proc/521/exe    main_x86.elf
File opened for reading  /proc/790/exe    main_x86.elf
File opened for reading  /proc/1686/exe   main_x86.elf
File opened for reading  /proc/443/fd     main_x86.elf
File opened for reading  /proc/557/exe    main_x86.elf
File opened for reading  /proc/895/exe    main_x86.elf
File opened for reading  /proc/442/exe    main_x86.elf
File opened for reading  /proc/1634/exe   main_x86.elf

Changes its process name (1 IoC)

description                                                      pid   Process
Changes the process name, possibly in an attempt to hide itself  1417  main_x86.elf

Reads system network configuration (1 TTP, 1 IoC)
Uses contents of the /proc filesystem to enumerate network settings.

description              ioc              Process
File opened for reading  /proc/net/tcp    main_x86.elf
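A host-side hunt for two of the behaviours flagged in this report, "Modifies Watchdog functionality" and "Changes its process name", as an added example that is not code from the sample or from the sandbox: it walks a /proc tree, flags any process holding a watchdog device node open, and flags any process whose comm no longer matches the basename of the binary behind /proc/<pid>/exe, also noting when that binary has been unlinked from disk. The snapshot it scans is constructed in a temporary directory; pid 1417 is borrowed from the report, but its comm, exe path and descriptors are made up. Call scan() with the default root as root to run it against a live host.

```python
"""Flag processes that hold a watchdog node open or whose comm does not match
their executable. Added example; not code from the analysed sample."""
import os
import tempfile

# The two nodes the report saw opened, plus the watchdog-core name newer
# kernels also expose (assumption: same device, different name).
WATCHDOG_NODES = {"/dev/watchdog", "/dev/misc/watchdog", "/dev/watchdog0"}
COMM_LEN = 15  # TASK_COMM_LEN is 16 including the NUL, so comm holds 15 chars


def _readlink(path):
    try:
        return os.readlink(path)
    except OSError:  # kernel thread (no exe), pid exited, or EPERM
        return None


def _fd_targets(proc_root, pid):
    fd_dir = os.path.join(proc_root, str(pid), "fd")
    try:
        fds = os.listdir(fd_dir)
    except OSError:
        return []
    return [t for t in (_readlink(os.path.join(fd_dir, fd)) for fd in fds) if t]


def inspect_pid(proc_root, pid):
    """Return the list of reasons pid looks suspicious (empty if none)."""
    reasons = []
    try:
        with open(os.path.join(proc_root, str(pid), "comm")) as f:
            comm = f.read().strip()
    except OSError:
        return reasons
    exe = _readlink(os.path.join(proc_root, str(pid), "exe"))
    if exe is not None:
        if exe.endswith(" (deleted)"):  # binary unlinked after exec, common for bots
            exe = exe[: -len(" (deleted)")]
            reasons.append("exe unlinked from disk")
        # After prctl(PR_SET_NAME) or an argv[0] rewrite, comm no longer equals
        # basename(exe). Scripts are a known false positive: comm is the script
        # name while exe is the interpreter.
        if comm != os.path.basename(exe)[:COMM_LEN]:
            reasons.append(f"comm {comm!r} != exe basename {os.path.basename(exe)!r}")
    for node in sorted(t for t in _fd_targets(proc_root, pid) if t in WATCHDOG_NODES):
        reasons.append(f"holds {node} open")
    return reasons


def scan(proc_root="/proc"):
    """{pid: [reasons]} for every numeric pid directory with at least one finding."""
    findings = {}
    for name in filter(str.isdigit, os.listdir(proc_root)):
        reasons = inspect_pid(proc_root, int(name))
        if reasons:
            findings[int(name)] = reasons
    return findings


def build_fake_proc(root):
    """Constructed snapshot. pid 1417 is the pid the report flags for a name
    change; its comm, exe and fds here are invented for the demo."""
    procs = [  # pid, comm, exe link target, fd link targets
        (1, "systemd", "/usr/lib/systemd/systemd", ["/dev/null", "socket:[1024]"]),
        (640, "sshd", "/usr/sbin/sshd", ["socket:[21511]"]),
        (1417, "syslogd", "/tmp/main_x86.elf (deleted)", ["/dev/watchdog", "socket:[30201]"]),
    ]
    for pid, comm, exe, fds in procs:
        fd_dir = os.path.join(root, str(pid), "fd")
        os.makedirs(fd_dir)
        with open(os.path.join(root, str(pid), "comm"), "w") as f:
            f.write(comm + "\n")
        os.symlink(exe, os.path.join(root, str(pid), "exe"))  # dangling link is fine
        for n, target in enumerate(fds):
            os.symlink(target, os.path.join(fd_dir, str(n)))


def demo():
    """Scan the constructed snapshot; returns {pid: [reasons]}."""
    with tempfile.TemporaryDirectory() as root:
        build_fake_proc(root)
        return scan(root)


if __name__ == "__main__":
    for pid, reasons in sorted(demo().items()):
        print(pid, "; ".join(reasons))
```

Two caveats for live use. Mirai's own watchdog routine opens the node, issues the disabling ioctl and closes the descriptor immediately, so the fd check above only catches a bot that keeps the node open; the durable detection for the "Modifies Watchdog functionality" signature is an audit rule on opens of /dev/watchdog and /dev/misc/watchdog. And the comm mismatch is a lead, not a verdict: interpreted scripts, and daemons that rename their workers deliberately, produce the same mismatch and need an allow-list.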