Analysis
max time kernel: 135s
max time network: 146s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240729-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240729-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 27-12-2024 02:32
Behavioral task: behavioral1
Sample: 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
Resource: ubuntu1804-amd64-20240729-en
General
Target: 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
Size: 37KB
MD5: cab2fc62b63f28cd95c3fdca9ecec6d0
SHA1: df33b92944b8436e7310b0a03ca9038b70c65a56
SHA256: 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871
SHA512: dd2bdb170092fc31e19e072f4b637ccff00a26ca59ddb4e02f01ff189d382c8f0b267eafd3b508ee9fffb076ac8204e2453a6769f7bb2a25b40fd043dd7d2224
SSDEEP: 768:dxaYe0syQ8V3uZJYDR+AGJyQlYuOwqakXzEp3Lj7z20z49nbcuyD7UrQRj5:CYgBe3uZgR+zZiw807j7S0wnouy8ry9
Malware Config
Extracted
mirai
LZRD
Signatures

Mirai family

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for modification | /dev/misc/watchdog | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
Enumerates running processes
Discovers information about currently running processes on the system
description | ioc | Process
File opened for reading | /proc/1199/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1346/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/10/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/81/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/321/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1120/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1163/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1198/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/558/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1087/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/2/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/23/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/83/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/170/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/172/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/452/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1101/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1183/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1286/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/115/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/171/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1081/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1138/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1150/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1160/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/666/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/964/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/21/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/459/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/471/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1518/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1159/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1169/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1342/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/174/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/533/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/618/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/17/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/36/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/317/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/667/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/684/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1142/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/19/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/453/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/587/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1110/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/98/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/163/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/169/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1522/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/26/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/269/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/454/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/13/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/34/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/137/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/460/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1073/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/1155/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/18/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/20/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/25/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for reading | /proc/165/status | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf

Writes file to system bin folder (2 IoCs)
description | ioc | Process
File opened for modification | /sbin/watchdog | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf
File opened for modification | /bin/watchdog | 8436a21f6e581d533cc9d3f9b292c89aa171b6c8f560f3baf666b00556b60871.elf