Analysis
-
max time kernel
149s -
max time network
153s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu2204-amd64-20240611-en kernel:5.15.0-105-generic locale:en-us os:ubuntu-22.04-amd64 system -
submitted
22-12-2024 14:41
Behavioral task
behavioral1
Sample
Space.i686.elf
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
6 signatures
150 seconds
General
-
Target
Space.i686.elf
-
Size
35KB
-
MD5
69bb2976de3feee44a259aba3d6e6339
-
SHA1
5ae7aa7d99a2ec82de2d9a9da57a9acd5176b939
-
SHA256
fb5e5e67d08d25421f3d1acfea212d860a41c97ffcbd3d30094362cccaaf9d76
-
SHA512
c3292376c62e324d9b8e6773a78d5d0215feef9f2173f974f5e8ee4bf024aee817e4f6c497a38d285cb00383e28200983fd2be063b384a77d8f7d8c1dfc3388f
-
SSDEEP
768:B9JFwkShNFPp2PxTNJgc/WbaaPTLRz73ninbcuyD7UHQRj7:fwkQX2P9NJg+a7LRz73ninouy8HyH
Score
10/10
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Mirai family
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | Space.i686.elf
File opened for modification | /dev/misc/watchdog | Space.i686.elf
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder 2 IoCs
description | ioc | Process
File opened for modification | /sbin/watchdog | Space.i686.elf
File opened for modification | /bin/watchdog | Space.i686.elf
-