Analysis
-
max time kernel
136s -
max time network
147s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu2004-amd64-20240611-en kernel:5.4.0-169-generic locale:en-us os:ubuntu-20.04-amd64 system -
submitted
25-12-2024 10:22
Behavioral task
behavioral1
Sample
Space.x86_64.elf
Resource
ubuntu2004-amd64-20240611-en
ubuntu-20.04-amd64
6 signatures
150 seconds
General
-
Target
Space.x86_64.elf
-
Size
36KB
-
MD5
2a970c08a36bf8f55635f35c36450c39
-
SHA1
19178136051ca912cb63f3b660aaff2ad1a0acf2
-
SHA256
24e0c293e85e159f78622bfd49323ffeeae27d8714a4763599eca3d9f0db3979
-
SHA512
671d7a2cce48f7d3716d53b7c4bd365aeba2972101935aa2b5d5f637a7b888caf0e138db9c52c2a0a4e7359eb9909c04563110bc9db9110c8b649c9b9d63039f
-
SSDEEP
768:F+4qtvWUAASje6lhaVG5CHb4diYjLMWf5CcWHdbL5fPr8J75Wx0S:A9tvWrASje4wVGigJmFL578J7AD
Score
10/10
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Mirai family
-
Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | Space.x86_64.elf
File opened for modification | /dev/misc/watchdog | Space.x86_64.elf
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder (2 IoCs)
description | ioc | Process
File opened for modification | /sbin/watchdog | Space.x86_64.elf
File opened for modification | /bin/watchdog | Space.x86_64.elf