Analysis

max time kernel:  135s
max time network: 146s
platform:         ubuntu-24.04_amd64
resource:         ubuntu2404-amd64-20240523-en
resource tags:    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted:        16-12-2024 08:04
Behavioral task: behavioral1

Sample:    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
Resource:  ubuntu2404-amd64-20240523-en (ubuntu-24.04-amd64)
Result:    4 signatures, 150 seconds
General

Target:  2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
Size:    73KB
MD5:     8bbb0527e5bdb2dbfb5edca4fadebb9e
SHA1:    27d9aef4a73ff40653cafc78d0398cff7dae3d1d
SHA256:  95698eed99aa476bc2cfbca7add7cfd855b422a786fbab4aa50030ebbfe25d8c
SHA512:  c7c7724aa951aa27f951f812f2d0fa74f965ed5a3378300217a8d6f8626d7c82f83737b1a353265067ca2d81a889645ab91be416146adb1b52a088276834fc4c
SSDEEP:  1536:WeuIZobG3QEWYAIb/+w4HnC+8l8Anzcfj/:huIZTAEzAIf4HT8l8Azcfj/

Score: 7/10
Malware Config

Signatures

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  description                   ioc                  Process
  File opened for modification  /dev/watchdog        2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for modification  /dev/misc/watchdog   2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp

Writes file to system bin folder (2 IoCs)

  description                   ioc                  Process
  File opened for modification  /sbin/watchdog       2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for modification  /bin/watchdog        2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp

Enumerates running processes
Discovers information about currently running processes on the system

  description              ioc                  Process
  File opened for reading  /proc/12/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/56/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/194/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/195/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/788/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/820/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1335/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1901/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/33/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/50/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/79/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/782/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/2244/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/11/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/41/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/235/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/759/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/35/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/579/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1041/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1125/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/2/status       2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/142/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/572/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1953/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/3/status       2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/583/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1868/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/2174/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/20/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/46/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/51/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/52/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/181/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/200/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1977/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/2110/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/2274/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/2461/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1/status       2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/5/status       2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/199/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1952/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1980/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/2257/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/2399/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/44/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/24/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/43/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/753/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/765/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1677/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1789/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1913/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1929/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/191/status     2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/2119/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/13/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/23/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/27/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/53/status      2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1687/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/1982/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for reading  /proc/2254/status    2527-1-0x0000000000400000-0x00000000005156e8-memory.dmp