Analysis
max time kernel: 149s
max time network: 153s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 13-12-2024 00:49
Behavioral task: behavioral1
Sample: 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
Resource: ubuntu1804-amd64-20240611-en
General
Target: 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
Size: 44KB
MD5: 96430e8572719a4c67f4ccca4e7d1ed4
SHA1: d7b5f4157ee0e813d5e05cea849807970cc30f23
SHA256: 28347513c9f0ed167ed25a5a4489474d700abb649153f75a76145c1c9f02e0d0
SHA512: 1ce409a42ea9b299a31b768b66bcb77f5c8d31f47bb0b2a9ea228aead4993bda7e33b1d913d86f3f1ab7a475b16019a7338ece15ac2d859099c0f7857fbd7bd4
SSDEEP: 768:YxYMnWMWM9b7xIxkXZLcD0FYCgT5ar0k7xM2waZqjH67YnnxJ5zPJau/5:YqMnWxM9HxIYLcsyVar0k7xMqlYnnxz/
Malware Config
Signatures
Contacts a large number (70067) of remote hosts | 1 TTPs
This may indicate a network scan to discover remotely running services.

Creates a large number of network flows | 1 TTPs
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality | 1 TTPs | 2 IoCs
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for modification | /dev/misc/watchdog | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp

Enumerates active TCP sockets | 1 TTPs | 1 IoCs
Gets active TCP sockets from the /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/net/tcp | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
Enumerates running processes
Discovers information about currently running processes on the system.
description | ioc | Process
File opened for reading | /proc/461/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1132/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1162/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/484/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/465/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1534/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1714/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/474/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1030/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/464/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1140/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/484/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1940/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/538/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/578/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1283/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1907/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1913/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/492/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1708/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1976/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/2087/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/906/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1692/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/437/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1073/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1499/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1958/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/952/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/632/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1686/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1955/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1547/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/451/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/455/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1036/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1228/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1255/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/437/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/589/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/2129/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1155/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1105/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1712/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/521/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/423/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1507/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1977/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/695/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1739/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/667/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1096/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1228/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/2106/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1751/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1954/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/468/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/589/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1086/fd | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1705/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/2137/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/455/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1523/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
File opened for reading | /proc/1879/exe | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp

Reads system network configuration | 1 TTPs | 1 IoCs
Uses contents of the /proc filesystem to enumerate network settings.
description | ioc | Process
File opened for reading | /proc/net/tcp | 1587-1-0x0000000008048000-0x0000000008053ac0-memory.dmp
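The three /proc signatures above (/proc/net/tcp, /proc/<pid>/fd, /proc/<pid>/exe) are the pieces of one technique: read the socket table, then walk every process's fd directory to find which PID owns a given socket inode. Mirai-family bots use exactly this correlation to locate and kill whatever is bound to the Telnet/SSH ports before taking them over. The following is an added example, written for this page and not taken from the report or from the sample, that performs the same correlation in Python so an incident responder can reproduce it without netstat or ss on a minimal host. The /proc/net/tcp lines and the fd link map embedded below are constructed sample data; read_fd_links_live() walks the real /proc when run on a Linux host.

```python
"""Enumerate TCP sockets from /proc/net/tcp and attribute them to PIDs via /proc/<pid>/fd.

Added example for this page; not code from the report or from the sample.
SAMPLE_PROC_NET_TCP and SAMPLE_FD_LINKS are constructed test data.
"""
import os
import re
import socket
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

# TCP state codes as printed (hex) in the "st" column of /proc/net/tcp.
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV", 0x04: "FIN_WAIT1",
    0x05: "FIN_WAIT2", 0x06: "TIME_WAIT", 0x07: "CLOSE", 0x08: "CLOSE_WAIT",
    0x09: "LAST_ACK", 0x0A: "LISTEN", 0x0B: "CLOSING",
}


@dataclass(frozen=True)
class TcpSocket:
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int
    state: str
    uid: int
    inode: int


def _decode_ipv4(hexaddr: str) -> str:
    # The kernel prints the 32-bit address in host byte order, so on
    # little-endian x86 "0100007F" is 127.0.0.1.
    return socket.inet_ntoa(struct.pack("<L", int(hexaddr, 16)))


def parse_proc_net_tcp(text: str) -> List[TcpSocket]:
    """Parse the full contents of /proc/net/tcp (header line included)."""
    sockets = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue  # truncated or malformed row
        laddr, lport = fields[1].split(":")
        raddr, rport = fields[2].split(":")
        sockets.append(TcpSocket(
            local_addr=_decode_ipv4(laddr), local_port=int(lport, 16),
            remote_addr=_decode_ipv4(raddr), remote_port=int(rport, 16),
            state=TCP_STATES.get(int(fields[3], 16), fields[3]),
            uid=int(fields[7]), inode=int(fields[9]),
        ))
    return sockets


_SOCKET_LINK = re.compile(r"socket:\[(\d+)\]")


def map_socket_inodes(fd_links: Dict[int, List[str]]) -> Dict[int, int]:
    """fd_links maps PID -> readlink() targets of that PID's /proc/<pid>/fd/* entries.
    Returns socket inode -> owning PID."""
    owners: Dict[int, int] = {}
    for pid, targets in fd_links.items():
        for target in targets:
            m = _SOCKET_LINK.fullmatch(target)
            if m:
                owners[int(m.group(1))] = pid
    return owners


def listeners_with_owner(text: str, fd_links: Dict[int, List[str]]) -> List[Tuple[TcpSocket, int]]:
    """Listening sockets paired with their owning PID (-1 if no process holds the inode)."""
    owners = map_socket_inodes(fd_links)
    return [(s, owners.get(s.inode, -1)) for s in parse_proc_net_tcp(text) if s.state == "LISTEN"]


def read_fd_links_live(proc: str = "/proc") -> Dict[int, List[str]]:
    """Walk /proc/<pid>/fd on a live Linux host (root is needed to see other users' processes)."""
    result: Dict[int, List[str]] = {}
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        fd_dir = os.path.join(proc, name, "fd")
        try:
            result[int(name)] = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:  # process exited mid-walk or permission denied
            continue
    return result


# Constructed sample: telnet (23) and ssh (22) listeners plus one outbound HTTP connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:C3B6 0101A8C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
"""
# Constructed sample: what readlink() on /proc/<pid>/fd/* would return for two PIDs.
SAMPLE_FD_LINKS = {1587: ["socket:[12345]", "/dev/null"], 700: ["socket:[12346]", "pipe:[99]"]}

if __name__ == "__main__":
    for sock, pid in listeners_with_owner(SAMPLE_PROC_NET_TCP, SAMPLE_FD_LINKS):
        print(f"{sock.local_addr}:{sock.local_port} LISTEN uid={sock.uid} inode={sock.inode} pid={pid}")
```

On a live host, replace the sample arguments with open("/proc/net/tcp").read() and read_fd_links_live(); /proc/net/tcp6 has the same layout with 32-hex-digit addresses and needs a different decoder. Note that the bot in this report only needs the same two reads to find a competing process on port 23 or 22, which is why an open() of /proc/net/tcp followed by a sweep of /proc/*/fd from an unexpected binary is a useful audit signal on IoT-class hosts.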