Overview
overview
10Static
static
10002d23802f...a9.elf
ubuntu-24.04-amd64
006e75ccf3...e6.exe
windows7-x64
3006e75ccf3...e6.exe
windows10-2004-x64
3010b63314e...17.exe
windows7-x64
10010b63314e...17.exe
windows10-2004-x64
10017f252187...45.exe
windows7-x64
7017f252187...45.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Unmonument...GL.dll
windows7-x64
1Unmonument...GL.dll
windows10-2004-x64
1025a7cc996...12.exe
windows7-x64
10025a7cc996...12.exe
windows10-2004-x64
10026a0d5ada...ed.exe
windows7-x64
10026a0d5ada...ed.exe
windows10-2004-x64
100296e49137...b6.exe
windows7-x64
100296e49137...b6.exe
windows10-2004-x64
100382436149...62.exe
windows7-x64
100382436149...62.exe
windows10-2004-x64
10039b7cbbe0...f4.exe
windows7-x64
039b7cbbe0...f4.exe
windows10-2004-x64
03a0e7298d...43.exe
windows7-x64
1003a0e7298d...43.exe
windows10-2004-x64
10044d4141fa...83.apk
android-9-x86
6044d4141fa...83.apk
android-10-x64
6044d4141fa...83.apk
android-11-x64
60488488429...83.exe
windows7-x64
100488488429...83.exe
windows10-2004-x64
1004ba453903...df.elf
ubuntu-22.04-amd64
8054c0c0eb0...5c.exe
windows7-x64
10054c0c0eb0...5c.exe
windows10-2004-x64
10058c3a111c...0bc.js
windows7-x64
10Analysis
-
max time kernel
12s -
max time network
27s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240522.1-en -
resource tags
arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system -
submitted
21-12-2024 20:29
Static task
static1
Behavioral task
behavioral1
Sample
002d23802f5e90492a340a0202f8082ddf84d3abdb7834bf7cb771c81161e0a9.elf
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral2
Sample
006e75ccf30448182c69a7f7bc7a4308caa78a87e6d834926599ce6b11e222e6.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral3
Sample
006e75ccf30448182c69a7f7bc7a4308caa78a87e6d834926599ce6b11e222e6.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
010b63314edf0d096b2c259cfc5b95fe28cae4d983e0ea547e13f8b16ff42c17.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral5
Sample
010b63314edf0d096b2c259cfc5b95fe28cae4d983e0ea547e13f8b16ff42c17.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
017f252187d69448ce91bef978fabdd931c56a7f57d43ba3557da5c49b133e45.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral7
Sample
017f252187d69448ce91bef978fabdd931c56a7f57d43ba3557da5c49b133e45.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
Unmonumented/libEGL.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral11
Sample
Unmonumented/libEGL.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
025a7cc996fdece05721b7ac336a6e2e614f7a76b59f0a3aff2278e374ac7b12.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral13
Sample
025a7cc996fdece05721b7ac336a6e2e614f7a76b59f0a3aff2278e374ac7b12.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
026a0d5ada04432b47b8f00e05304f11c2f72374b522d0c906f919d115c4b0ed.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral15
Sample
026a0d5ada04432b47b8f00e05304f11c2f72374b522d0c906f919d115c4b0ed.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
0296e49137a482b7db3bed7fe16c5ad20b083b20a8ce56b6c42309fff94d50b6.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral17
Sample
0296e49137a482b7db3bed7fe16c5ad20b083b20a8ce56b6c42309fff94d50b6.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
038243614941cbef3abaa0524ae4c26cef4b8c902b0f674ebc77b04b1e035662.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral19
Sample
038243614941cbef3abaa0524ae4c26cef4b8c902b0f674ebc77b04b1e035662.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
039b7cbbe00107f02b5004f4e2560b6d3f8c9e7c81a01ddd3c85a3c94b311bf4.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral21
Sample
039b7cbbe00107f02b5004f4e2560b6d3f8c9e7c81a01ddd3c85a3c94b311bf4.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
03a0e7298d12838300b55acae66e5c132a980bd33ff63703d1657632326db543.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral23
Sample
03a0e7298d12838300b55acae66e5c132a980bd33ff63703d1657632326db543.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
044d4141fa14d7abac6f282b72e4d4a6f0fec56df3d0d1650e2db3a1a5c80783.apk
Resource
android-x86-arm-20240624-en
android-9-x86
Behavioral task
behavioral25
Sample
044d4141fa14d7abac6f282b72e4d4a6f0fec56df3d0d1650e2db3a1a5c80783.apk
Resource
android-x64-20240624-en
android-10-x64
Behavioral task
behavioral26
Sample
044d4141fa14d7abac6f282b72e4d4a6f0fec56df3d0d1650e2db3a1a5c80783.apk
Resource
android-x64-arm64-20240624-en
android-11-x64
Behavioral task
behavioral27
Sample
0488488429b7776b837be76cef378782ec22ebbd71fe37ae16b3f325e0742283.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral28
Sample
0488488429b7776b837be76cef378782ec22ebbd71fe37ae16b3f325e0742283.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf
Resource
ubuntu2204-amd64-20240522.1-en
ubuntu-22.04-amd64
Behavioral task
behavioral30
Sample
054c0c0eb0f5db96a0f5c39dfc6c822377462a12aff74bc86150d450aa880e5c.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral31
Sample
054c0c0eb0f5db96a0f5c39dfc6c822377462a12aff74bc86150d450aa880e5c.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
058c3a111cb50601c15b4410b3770720b948702207b5ad6492b82e1c4fd310bc.js
Resource
win7-20241010-en
windows7-x64
General
-
Target
04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf
-
Size
57KB
-
MD5
6766a5ebb3bc9ac3660010b64f352278
-
SHA1
d3a89e39cfc205af5bb59001e59ab36369507abd
-
SHA256
04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df
-
SHA512
5428da59fd856c3cc34af8e92d5ddcab1d604471b861408765a4bbe90846c83a481a8ba1629d46fb45a63014d5c6d3819b7a274f1705d62d224e62bf8112ba18
-
SSDEEP
1536:UO9Q+iBMnYioCIgyFGaPSWY/aKVv76SXIVVS:UP+6MnYiouyFGaPSWY/bVT6oIVI
Malware Config
Signatures
-
Contacts a large (1787) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc Process File opened for modification /dev/watchdog 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for modification /dev/misc/watchdog 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf -
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
description ioc Process File opened for reading /proc/net/tcp 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description ioc Process File opened for reading /proc/net/tcp 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf -
description ioc Process File opened for reading /proc/1066/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/984/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1135/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1205/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/452/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/794/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/841/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1085/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/411/exe 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/521/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/722/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1096/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1487/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/415/exe 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/612/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/748/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/761/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1034/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1275/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/609/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/739/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/962/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1181/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/640/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1167/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1257/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1279/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1123/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1190/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1566/exe 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1144/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1166/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1363/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1426/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1503/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1284/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1394/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/613/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/664/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/771/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/992/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1198/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1170/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1070/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/416/exe 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/956/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1178/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1287/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1352/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/593/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/772/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1232/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/588/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/408/exe 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1563/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/638/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1014/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1054/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1106/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1241/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/634/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/845/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1318/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf File opened for reading /proc/1157/fd 04ba4539039a535365ac32abf01cb409f0efbc33545a864865a073e09d7500df.elf