Analysis
-
max time kernel
149s -
max time network
151s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240508-en -
resource tags
arch:amd64arch:i386image:ubuntu2004-amd64-20240508-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system -
submitted
17-12-2024 22:22
Behavioral task
behavioral1
Sample
jew.x86.elf
Resource
ubuntu2004-amd64-20240508-en
ubuntu-20.04-amd64
5 signatures
150 seconds
General
-
Target
jew.x86.elf
-
Size
53KB
-
MD5
1c175e1463d52e354f3d7fb3156195e9
-
SHA1
db1773b660a018eb117a3dc74013176a556bb728
-
SHA256
518804d20cc93ad62a563d439839c91989c5166e8cdfe2f3b643fa6abf570bed
-
SHA512
82bee9d931bacd78bbb8115b97177c0fe37ba701ff7a184683c0b29818f77ebc9a8660947f319409b9062f044d27495d8bbbfbd9cb9a111689660d2592e540d6
-
SSDEEP
1536:O13kynNjv6czSEZeLmI37KNCgoTcpoQzWxS2RAfah5HQ:AUyntv6cuEZ437KAgowpoeiSi1D
Score
9/10
Malware Config
Signatures
-
Contacts a large (117355) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc Process File opened for modification /dev/watchdog jew.x86.elf File opened for modification /dev/misc/watchdog jew.x86.elf -
Writes file to system bin folder 2 IoCs
description ioc Process File opened for modification /sbin/watchdog jew.x86.elf File opened for modification /bin/watchdog jew.x86.elf -
Changes its process name 1 IoCs
description pid Process Changes the process name, possibly in an attempt to hide itself 1415 jew.x86.elf