Analysis
- max time kernel: 141s
- max time network: 146s
- platform: ubuntu-22.04_amd64
- resource: ubuntu2204-amd64-20240611-en
- resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
- submitted: 23-12-2024 00:32
Behavioral task: behavioral1
- Sample: ub8ehJSePAfc9FYqZIT6.x86.elf
- Resource: ubuntu2204-amd64-20240611-en (ubuntu-22.04-amd64)
- 6 signatures
- 150 seconds
General
- Target: ub8ehJSePAfc9FYqZIT6.x86.elf
- Size: 37KB
- MD5: fc32f8a67d1b0590d25d38c2614d72d9
- SHA1: be2059efd5d4fcd999672caa7970019eb160bf13
- SHA256: 1bd4414e839b5d0be6d814d0d3daae5f64df063fb87865d32fbe815e02d587fa
- SHA512: b99e74e7b031a5f21b1fece80c6976718a33efb3da3c13949fa8053f1e47970f335766a4376f33edff2dfaf79b144669ef28387dc73e9ff34cb77c94b47b9047
- SSDEEP: 768:dxaYe0syQ8V3uZJYDR+AGJyQlYuOwqakXzEp3Lj7CGyNGQG12nbcuyD7UrQRjJ:CYgBe3uZgR+zZiw807j7CGb2nouy8ryd
- Score: 10/10
Malware Config (Extracted)
- Family: mirai
- Botnet: LZRD
Signatures

- Mirai family

- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

  description                   ioc                  Process
  File opened for modification  /dev/watchdog        ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for modification  /dev/misc/watchdog   ub8ehJSePAfc9FYqZIT6.x86.elf
- Enumerates running processes
  Discovers information about currently running processes on the system.

  description              ioc                 Process
  File opened for reading  /proc/1225/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/90/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/110/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/219/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/870/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/991/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1201/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1353/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/5/status      ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/17/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/80/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1148/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1275/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1278/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/6/status      ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/20/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/747/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/206/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/216/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/508/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/609/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/613/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/15/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/25/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/163/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1559/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1183/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1244/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1511/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/414/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1178/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1235/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/22/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/78/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/200/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/678/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1161/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1249/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1558/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/98/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/208/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/214/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/783/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1105/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1311/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/14/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/81/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/88/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/722/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1367/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1239/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1439/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/11/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/12/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/164/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/89/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/589/status    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1167/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1427/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/1560/status   ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/74/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/77/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/86/status     ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for reading  /proc/79/status     ub8ehJSePAfc9FYqZIT6.x86.elf

- Writes file to system bin folder (2 IoCs)

  description                   ioc              Process
  File opened for modification  /bin/watchdog    ub8ehJSePAfc9FYqZIT6.x86.elf
  File opened for modification  /sbin/watchdog   ub8ehJSePAfc9FYqZIT6.x86.elf