7f300531e4abdfa4d109748dc59e8620840fe8db77dabbea64f38bb99b0fdc06

Analysis

max time kernel
148s
max time network
150s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
27-12-2024 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
Size

77KB
MD5

a4a97c1ab0de554f91fb804680975284
SHA1

8f825d480de4443776ff44eaca3cd9c2aa4528b1
SHA256

7f300531e4abdfa4d109748dc59e8620840fe8db77dabbea64f38bb99b0fdc06
SHA512

9425b7bfa99fe17f899d458e84c8fc1904fdd824701590ca0d60f056a47b0e09678d887134dd73c534e78ccaaa5e206535445ab27461c91fc412096752ad4a4d
SSDEEP

1536:5sdR92glIQRSF2MhldlO+ttM98cKJdxZZxJ+BAQoEQ1It3R+yd5bUWarW8j0tZxZ:md6dQRSQsdlX/3An2tc

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for modification	/dev/misc/watchdog	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for modification	/bin/watchdog	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/828/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/854/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1019/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1044/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/78/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/83/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/86/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/709/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/458/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/590/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/632/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1182/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/2/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/27/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/85/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/377/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/21/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/81/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/520/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/633/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/76/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1166/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1194/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/725/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/848/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1244/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/8/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/17/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/213/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/415/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/965/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1163/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/23/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/74/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/224/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/727/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/827/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1086/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1164/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1179/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1571/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/16/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/315/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/594/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1149/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/526/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1262/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1549/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/418/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/631/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/774/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1238/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1452/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/1518/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/92/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/159/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/215/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/870/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/993/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/10/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/89/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/99/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/409/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
File opened for reading	/proc/98/status	2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp

/tmp/2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
/tmp/2441-1-0x0000000000400000-0x0000000000614b00-memory.dmp
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Reads runtime system information
PID:1571

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads