Analysis
- max time kernel: 90s
- max time network: 151s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20240729-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240729-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 26-12-2024 04:07
Behavioral task: behavioral1
- Sample: xd.x86.elf
- Resource: ubuntu1804-amd64-20240729-en
General
- Target: xd.x86.elf
- Size: 29KB
- MD5: 9c04ed95992e4b7589d2cfaf2b6b6afb
- SHA1: f512b4b75401213c5734fc1c724e00b9dd7fdafb
- SHA256: ca0dad92996c7ba5fbb49e82fc119e6b7a4ef91e060f8aff17b92e93f8bf5185
- SHA512: f093f6c21d840575cefb2bf3d1b4f4a3f9f3729c4c74c17846aa194223cbe0dd7eb182c55ae15f31d496671e0d6ea1a6f0dd3d2b10e1f32f396f0f573d28db92
- SSDEEP: 768:xN8fWlfoQmQAXV7E/QciiRcLprDKvscq2:jMNXFl76N4Pap
Malware Config
Extracted
mirai
LZRD
Signatures
- Mirai family
- Contacts a large number (20468) of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large number of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
  description                    ioc                  Process
  File opened for modification   /dev/watchdog        xd.x86.elf
  File opened for modification   /dev/misc/watchdog   xd.x86.elf
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from the /proc virtual filesystem.
  description                    ioc                  Process
  File opened for reading        /proc/net/tcp        xd.x86.elf
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses the contents of the /proc filesystem to enumerate network settings.
  description                    ioc                  Process
  File opened for reading        /proc/net/tcp        xd.x86.elf