3c7e5dbd1d76c5c80069f08d50ec5a810ae7b5c80c37367dee2a5d4059ee2486

Analysis

max time kernel
0s
max time network
53s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
26-12-2024 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
Size

72KB
MD5

c13a112f2e985621fd5ad80d9498ddc0
SHA1

74803360450428dbf42d05ed4953fd36fded4830
SHA256

3c7e5dbd1d76c5c80069f08d50ec5a810ae7b5c80c37367dee2a5d4059ee2486
SHA512

30f2aac94f1c878a3daa8b9cd5bd72bf0539e41424283ae928f6e926fb524bc1bfb0212b79822146e14f9baf45f042e6bba145c6dab5e7286d62852cda063d36
SSDEEP

1536:iMwuGYKLP/5jdYu9W93U2x6cR6hIJPUNg2TPCUX09/YEQB5p:guGfLP/5uu9MPscR6hIhUNRPvk95k5p

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/misc/watchdog	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for modification	/dev/watchdog	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/418/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/590/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/868/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/21/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/25/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/97/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/110/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/207/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/414/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/637/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/747/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1439/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/14/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/99/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/114/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/617/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/746/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/771/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1188/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1287/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1569/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/851/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1063/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1082/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1386/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/5/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/594/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1045/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1183/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/6/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/199/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/201/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/859/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1100/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1573/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/9/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/79/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/89/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/101/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/102/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/314/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/160/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1080/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1132/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/95/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/217/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/828/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1161/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1310/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1434/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/12/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/20/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/22/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/73/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/209/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/218/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/957/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1034/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/15/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/17/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/27/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/81/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/215/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
File opened for reading	/proc/1078/cmdline	1402-1-0x0000000008048000-0x000000000805db60-memory.dmp

/tmp/1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
/tmp/1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
1⤵
- Modifies Watchdog functionality
- Reads runtime system information
PID:1570

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads