Analysis
Max time kernel: 130s
Max time network: 150s
Platform: ubuntu-22.04_amd64
Resource: ubuntu2204-amd64-20240611-en
Resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
Submitted: 22-12-2024 20:17
Behavioral task: behavioral1
Sample: loligang.x86-20241222-2016.elf
Resource: ubuntu2204-amd64-20240611-en

General
Target: loligang.x86-20241222-2016.elf
Size: 64KB
MD5: 2354f2531c0bf296738fa7733c42785f
SHA1: 86508e4ee74c70bf226f6666bf227a12be69dcad
SHA256: 3d0b5252c0f8736759af8b122612395ea484794afbdeb5435769f3c164d04c93
SHA512: eda30463d2e8355af4d6626815aedb78b1b5d43c4df53e4a9a72405074a22e9fd09f54e882b0c5ad5136202907a7e6e599d29d325d6e0b3188e6f8ff77abe679
SSDEEP: 1536:IoRC9170vwHbQXZ5+qXDEuXi90dSW7V/DjObeFt6PuQ4Zc:PC917iwHbQXZ5+qXA594SWZ/XObeb6G7
Malware Config
Signatures

Contacts a large (20233) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | loligang.x86-20241222-2016.elf
File opened for modification | /dev/misc/watchdog | loligang.x86-20241222-2016.elf

Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/net/tcp | loligang.x86-20241222-2016.elf

Enumerates running processes
Discovers information about currently running processes on the system.
description | ioc | Process
File opened for reading | /proc/980/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1275/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1589/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/406/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/586/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/838/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1167/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1378/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1386/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1571/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/637/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1038/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/590/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/637/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1077/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1224/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1013/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1126/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1560/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/409/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/769/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/588/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1239/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/991/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/452/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/980/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1558/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1590/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1092/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1491/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1574/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1100/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1160/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/589/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1053/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1107/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/741/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1077/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1142/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/678/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/963/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/612/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/838/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/412/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/845/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1163/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1172/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1284/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/635/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/782/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1452/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/636/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/710/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1172/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1188/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1142/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/1271/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/635/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/782/fd | loligang.x86-20241222-2016.elf
File opened for reading | /proc/512/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/636/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/741/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/972/exe | loligang.x86-20241222-2016.elf
File opened for reading | /proc/594/fd | loligang.x86-20241222-2016.elf

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
description | ioc | Process
File opened for reading | /proc/net/tcp | loligang.x86-20241222-2016.elf