fff08f2a1a9c20d447ac5cacb89df1287bb830a2fc0cd5866d31d9f3ba653965

Analysis

max time kernel
120s
max time network
151s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
11-12-2024 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

i686.elf
Size

28KB
MD5

15fb222600a3061f5c8e5ef04e5298a6
SHA1

93b4a17632479c8a45e2554a18ea61ea7365c532
SHA256

fff08f2a1a9c20d447ac5cacb89df1287bb830a2fc0cd5866d31d9f3ba653965
SHA512

11e390838b35bdacfa84ebdfc076f564abc1538bc972895b81d2156be52177bb25d62662871ae624747cca29e089a7a9a6ef205db4c694a2c106641d33942c34
SSDEEP

384:MLbVUhN0dUfiBCtrw06IVQtpCVRlRY4oPoOWiZtWpfBmbLh56sHs4lW8i/vUHgDM:OhUMnCPCAlRUP/3LDJHsB8i0HgDf0

Score

9^/10

defense_evasion discovery

Malware Config

Signatures

Contacts a large (114379) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	i686.elf
File opened for modification	/dev/misc/watchdog	i686.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/var/Sofia	1575	i686.elf

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/	i686.elf

/tmp/i686.elf
/tmp/i686.elf
1⤵
- Modifies Watchdog functionality
- Changes its process name
- Reads runtime system information
PID:1575

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads