Analysis

  max time kernel:   149s
  max time network:  150s
  platform:          ubuntu-22.04_amd64
  resource:          ubuntu2204-amd64-20240611-en
  resource tags:     arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  submitted:         27-12-2024 02:46
Behavioral task: behavioral1
  Sample:    ca0dad92996c7ba5fbb49e82fc119e6b7a4ef91e060f8aff17b92e93f8bf5185.elf
  Resource:  ubuntu2204-amd64-20240611-en
General
  Target:  ca0dad92996c7ba5fbb49e82fc119e6b7a4ef91e060f8aff17b92e93f8bf5185.elf
  Size:    29KB
  MD5:     9c04ed95992e4b7589d2cfaf2b6b6afb
  SHA1:    f512b4b75401213c5734fc1c724e00b9dd7fdafb
  SHA256:  ca0dad92996c7ba5fbb49e82fc119e6b7a4ef91e060f8aff17b92e93f8bf5185
  SHA512:  f093f6c21d840575cefb2bf3d1b4f4a3f9f3729c4c74c17846aa194223cbe0dd7eb182c55ae15f31d496671e0d6ea1a6f0dd3d2b10e1f32f396f0f573d28db92
  SSDEEP:  768:xN8fWlfoQmQAXV7E/QciiRcLprDKvscq2:jMNXFl76N4Pap
Malware Config
  Extracted: mirai (LZRD)
Signatures

Mirai family

Contacts a large number (20458) of remote hosts  [1 TTPs]
  This may indicate a network scan to discover remotely running services.

Creates a large number of network flows  [1 TTPs]
  This may indicate a network scan to discover remotely running services. Together with the previous signature (many distinct destinations, short runtime of about 150 s) this is the footprint of a Mirai-style mass scanner rather than of a client talking to a few servers.
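The two signatures above are essentially a flow-count heuristic: one source, many distinct destinations, mostly the same port, in a short window. The following is an added example (not part of the sandbox report) of that heuristic run over flow records; the records are constructed, and the thresholds (window, host count, port share) are assumptions to tune per network, not values from the report.

```python
"""Flag scan-like behaviour in flow records: one source contacting many
distinct hosts, mostly on one port, inside a short sliding window.

Added example, not part of the sandbox report. The flow records are
constructed (a telnet sweep next to an ordinary client) and the thresholds
are assumptions to tune per network, not values taken from the report.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds
    src: str
    dst: str
    dport: int


def scan_suspects(flows, window_s=60.0, min_hosts=100, min_port_share=0.9):
    """Return {src: (distinct_hosts, top_port, share)} for every source that,
    within some window_s-second sliding window, reached at least min_hosts
    distinct destinations with one destination port carrying at least
    min_port_share of the flows. Keeps the window with the most hosts."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    suspects = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        dst_count, port_count = Counter(), Counter()
        lo = 0
        for hi, f in enumerate(fl):
            dst_count[f.dst] += 1
            port_count[f.dport] += 1
            while f.ts - fl[lo].ts > window_s:   # drop flows that left the window
                old = fl[lo]
                dst_count[old.dst] -= 1
                if dst_count[old.dst] == 0:
                    del dst_count[old.dst]
                port_count[old.dport] -= 1
                lo += 1
            n_hosts, n_flows = len(dst_count), hi - lo + 1
            top_port, top_cnt = port_count.most_common(1)[0]
            share = top_cnt / n_flows
            if n_hosts >= min_hosts and share >= min_port_share:
                if src not in suspects or n_hosts > suspects[src][0]:
                    suspects[src] = (n_hosts, top_port, round(share, 2))
    return suspects


def build_sample_flows():
    """Constructed data: 10.0.0.5 sweeps 200 hosts (190 on 23/tcp, 10 on
    2323/tcp) in 20 seconds; 10.0.0.9 talks normally to a few servers."""
    flows = []
    for i in range(200):
        flows.append(Flow(1000.0 + i * 0.1, "10.0.0.5",
                          f"198.51.100.{i}", 2323 if i % 20 == 19 else 23))
    benign = [("192.0.2.10", 443), ("192.0.2.11", 443), ("192.0.2.12", 80),
              ("192.0.2.10", 443), ("192.0.2.13", 22)]
    for i, (dst, port) in enumerate(benign):
        flows.append(Flow(1000.0 + i * 3.0, "10.0.0.9", dst, port))
    return flows


if __name__ == "__main__":
    for src, (hosts, port, share) in scan_suspects(build_sample_flows()).items():
        print(f"{src}: {hosts} hosts, {share:.0%} of flows to port {port}")
```

The port-share condition is what separates a scanner from a busy but legitimate client (a crawler or a monitoring host reaches many destinations too, but on varied ports and over a longer period); lower `min_hosts` for a quiet segment and raise it for an internet-facing sensor.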
Modifies Watchdog functionality  [1 TTPs, 2 IoCs]
  Malware like Mirai opens the hardware watchdog device and disables it, so that the device is not rebooted when the malware's own resource use (scanning, flooding) or a killed watchdog client stops the watchdog from being serviced; a reboot would clear a memory-only infection.
    description                   ioc                 process
    File opened for modification  /dev/misc/watchdog  ca0dad92996c7ba5fbb49e82fc119e6b7a4ef91e060f8aff17b92e93f8bf5185.elf
    File opened for modification  /dev/watchdog       ca0dad92996c7ba5fbb49e82fc119e6b7a4ef91e060f8aff17b92e93f8bf5185.elf
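The report records only the two opens; what makes them a watchdog kill is the ioctl that follows. In the publicly released Mirai source that is `WDIOC_SETOPTIONS` with `WDIOS_DISABLECARD` on whichever of the two paths opens. The following is an added example (not code from the report or from the sample) that decodes raw ioctl request numbers per the kernel's `_IOC` layout and flags that call in a syscall trace. The trace lines are constructed in strace's style; a real strace usually prints known watchdog requests by name, which the parser also accepts.

```python
"""Decode Linux ioctl request numbers and flag a watchdog being disabled.

Added example, not code from the report. The request-number layout follows
<asm-generic/ioctl.h> and the WDIOC_*/WDIOS_* values <linux/watchdog.h>;
the trace lines are constructed in strace's style.
"""
import re

# _IOC(dir, type, nr, size): nr bits 0-7, type 8-15, size 16-29, dir 30-31
_IOC_NONE, _IOC_WRITE, _IOC_READ = 0, 1, 2


def ioc(direction, typ, nr, size):
    return (direction << 30) | (size << 16) | (ord(typ) << 8) | nr


def decode_ioctl(req):
    return {"dir": (req >> 30) & 0x3, "type": chr((req >> 8) & 0xFF),
            "nr": req & 0xFF, "size": (req >> 16) & 0x3FFF}


INT = 4
WDIOC = {                                      # type 'W' == WATCHDOG_IOCTL_BASE
    "WDIOC_GETSUPPORT":    ioc(_IOC_READ, "W", 0, 40),   # struct watchdog_info
    "WDIOC_GETSTATUS":     ioc(_IOC_READ, "W", 1, INT),
    "WDIOC_GETBOOTSTATUS": ioc(_IOC_READ, "W", 2, INT),
    "WDIOC_GETTEMP":       ioc(_IOC_READ, "W", 3, INT),
    "WDIOC_SETOPTIONS":    ioc(_IOC_READ, "W", 4, INT),
    "WDIOC_KEEPALIVE":     ioc(_IOC_READ, "W", 5, INT),
    "WDIOC_SETTIMEOUT":    ioc(_IOC_READ | _IOC_WRITE, "W", 6, INT),
    "WDIOC_GETTIMEOUT":    ioc(_IOC_READ, "W", 7, INT),
    "WDIOC_SETPRETIMEOUT": ioc(_IOC_READ | _IOC_WRITE, "W", 8, INT),
    "WDIOC_GETPRETIMEOUT": ioc(_IOC_READ, "W", 9, INT),
    "WDIOC_GETTIMELEFT":   ioc(_IOC_READ, "W", 10, INT),
}
WDIOC_NAMES = {v: k for k, v in WDIOC.items()}
WDIOS = {"WDIOS_DISABLECARD": 0x1, "WDIOS_ENABLECARD": 0x2, "WDIOS_TEMPPANIC": 0x4}
WATCHDOG_PATHS = {"/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog"}

_OPEN_RE = re.compile(r'^(?:open|openat)\((?:AT_FDCWD, )?"([^"]+)".*\) = (\d+)$')
_CLOSE_RE = re.compile(r'^close\((\d+)\) = ')
_IOCTL_RE = re.compile(r'^ioctl\((\d+), (0x[0-9A-Fa-f]+|[A-Z_]+), '
                       r'(?:\[(\d+)\]|\[([A-Z_|]+)\]|0x[0-9A-Fa-f]+)\) = ')


def watchdog_events(trace_lines):
    """[(device, request name, [option flags])] for ioctls on watchdog fds."""
    fds, events = {}, []
    for ln in trace_lines:
        ln = ln.strip()
        if m := _OPEN_RE.match(ln):
            fds[int(m.group(2))] = m.group(1)          # track fd -> path
        elif m := _CLOSE_RE.match(ln):
            fds.pop(int(m.group(1)), None)
        elif m := _IOCTL_RE.match(ln):
            path = fds.get(int(m.group(1)))
            if path not in WATCHDOG_PATHS:
                continue
            req = m.group(2)
            name = WDIOC_NAMES.get(int(req, 16), req) if req.startswith("0x") else req
            flags = []
            if name == "WDIOC_SETOPTIONS":
                if m.group(3) is not None:             # numeric option word
                    val = int(m.group(3))
                    flags = [n for n, bit in WDIOS.items() if val & bit]
                elif m.group(4) is not None:           # already symbolic
                    flags = m.group(4).split("|")
            events.append((path, name, flags))
    return events


def disables_watchdog(trace_lines):
    return any(n == "WDIOC_SETOPTIONS" and "WDIOS_DISABLECARD" in fl
               for _, n, fl in watchdog_events(trace_lines))


# Constructed traces. MALICIOUS mirrors the two opens the report records
# (/dev/misc/watchdog absent, /dev/watchdog present) followed by a disable;
# DAEMON is what a legitimate watchdog client's keepalive looks like.
MALICIOUS_TRACE = """\
openat(AT_FDCWD, "/dev/misc/watchdog", O_RDWR) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/dev/watchdog", O_RDWR) = 3
ioctl(3, 0x80045704, [1]) = 0
close(3) = 0
""".splitlines()

DAEMON_TRACE = """\
openat(AT_FDCWD, "/dev/watchdog", O_WRONLY) = 3
ioctl(3, WDIOC_KEEPALIVE, 0x7ffd8a3c1e4c) = 0
ioctl(3, WDIOC_SETTIMEOUT, [60]) = 0
""".splitlines()
```

Two caveats when turning this into a detection: a legitimate watchdog daemon also opens `/dev/watchdog`, so alert on `WDIOC_SETOPTIONS` with `WDIOS_DISABLECARD` (or on an open by a process that is not the configured daemon), not on the open alone; and whether the disable actually takes effect depends on the driver honouring `WDIOC_SETOPTIONS` and on the `nowayout` setting, so on a hardened device the call can return success or `ENOTTY` without changing anything.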
Enumerates active TCP sockets  [1 TTPs, 1 IoCs]
  Gets active TCP sockets from the /proc virtual filesystem.
    description              ioc            process
    File opened for reading  /proc/net/tcp  ca0dad92996c7ba5fbb49e82fc119e6b7a4ef91e060f8aff17b92e93f8bf5185.elf

Enumerates running processes
  Discovers information about currently running processes on the system. The IoCs are reads of /proc/<pid>/exe (the process image) and /proc/<pid>/fd (its open file descriptors) for the PIDs below, all by ca0dad92996c7ba5fbb49e82fc119e6b7a4ef91e060f8aff17b92e93f8bf5185.elf.
    File opened for reading:
      /proc/610/exe, /proc/1108/fd, /proc/1130/exe, /proc/1090/exe, /proc/1048/fd, /proc/1137/fd, /proc/1378/fd, /proc/1290/exe,
      /proc/1169/fd, /proc/1347/fd, /proc/427/fd, /proc/617/fd, /proc/665/fd, /proc/1150/fd, /proc/870/exe, /proc/1088/exe,
      /proc/590/fd, /proc/1562/fd, /proc/1162/exe, /proc/1057/exe, /proc/1108/exe, /proc/847/fd, /proc/1167/fd, /proc/1364/fd,
      /proc/665/exe, /proc/847/exe, /proc/1146/exe, /proc/1597/exe, /proc/749/fd, /proc/1146/fd, /proc/1454/fd, /proc/638/exe,
      /proc/1298/fd, /proc/845/exe, /proc/1253/exe, /proc/1590/exe, /proc/610/fd, /proc/1048/exe, /proc/1066/exe, /proc/1075/exe,
      /proc/1066/fd, /proc/1075/fd, /proc/1163/fd, /proc/1314/fd, /proc/775/fd, /proc/1037/fd, /proc/1378/exe, /proc/1187/fd,
      /proc/416/exe, /proc/1114/exe, /proc/1225/exe, /proc/617/exe, /proc/1163/exe, /proc/1201/exe, /proc/1218/exe, /proc/1/fd,
      /proc/522/fd, /proc/641/fd, /proc/1165/fd, /proc/781/exe, /proc/1347/exe, /proc/524/fd, /proc/731/fd, /proc/1164/fd

Reads system network configuration  [1 TTPs, 1 IoCs]
  Uses contents of the /proc filesystem to enumerate network settings.
    description              ioc            process
    File opened for reading  /proc/net/tcp  ca0dad92996c7ba5fbb49e82fc119e6b7a4ef91e060f8aff17b92e93f8bf5185.elf
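The three signatures above (reading /proc/net/tcp, then /proc/<pid>/fd and /proc/<pid>/exe across many PIDs) are one procedure seen from different angles: find the socket inodes of interest in /proc/net/tcp, then walk every process's fd table to learn which PID owns each inode. The port-kill routine in the publicly released Mirai source does exactly this for the telnet, SSH and HTTP ports before killing the owner; whether this sample's build targets the same ports is not something the report states. The following is an added example (not code from the report or from the sample) that implements the procedure: it parses the /proc/net/tcp format (hex native-endian address, big-endian port, state code, inode column) and resolves listeners to PIDs and executables. The table and /proc tree are constructed; `listdir`/`readlink` are injectable so the same functions run against a live /proc.

```python
"""Parse /proc/net/tcp and map listening sockets back to the owning process.

Added example, not code from the report or the sample. It reproduces the
read sequence the report lists (/proc/net/tcp, then /proc/<pid>/fd and
/proc/<pid>/exe). The table and the /proc tree below are constructed.
"""
import os
from dataclasses import dataclass

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
              "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
              "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
              "0A": "LISTEN", "0B": "CLOSING", "0C": "NEW_SYN_RECV"}


@dataclass(frozen=True)
class Sock:
    local: tuple    # (ip, port)
    remote: tuple
    state: str
    uid: int
    inode: int


def parse_addr(field):
    """'0100007F:1F90' -> ('127.0.0.1', 8080). The kernel prints the IPv4
    address as a native-endian 32-bit word, so on a little-endian host (the
    amd64 sandbox here) the bytes read backwards; the port is big-endian."""
    ip_hex, port_hex = field.split(":")
    ip = ".".join(str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    socks = []
    for line in text.splitlines()[1:]:             # skip the header row
        parts = line.split()
        if len(parts) < 10:
            continue
        socks.append(Sock(parse_addr(parts[1]), parse_addr(parts[2]),
                          TCP_STATES.get(parts[3], parts[3]),
                          int(parts[7]), int(parts[9])))
    return socks


def socket_owners(listdir=os.listdir, readlink=os.readlink):
    """{socket inode: (pid, exe)} from every /proc/<pid>/fd/* symlink.
    Other users' fd tables are only readable as root (or the same uid)."""
    owners = {}
    for pid in listdir("/proc"):
        if not pid.isdigit():
            continue
        try:
            fds = listdir(f"/proc/{pid}/fd")
        except OSError:                             # exited or not readable
            continue
        for fd in fds:
            try:
                target = readlink(f"/proc/{pid}/fd/{fd}")
            except OSError:
                continue
            if target.startswith("socket:[") and target.endswith("]"):
                try:
                    exe = readlink(f"/proc/{pid}/exe")
                except OSError:
                    exe = None
                owners[int(target[8:-1])] = (int(pid), exe)
    return owners


def find_listeners(tcp_text, ports, listdir=os.listdir, readlink=os.readlink):
    """[(port, pid, exe)] for LISTEN sockets bound to any of `ports`."""
    owners = socket_owners(listdir, readlink)
    hits = [(s.local[1], *owners.get(s.inode, (None, None)))
            for s in parse_proc_net_tcp(tcp_text)
            if s.state == "LISTEN" and s.local[1] in ports]
    return sorted(hits, key=lambda h: h[0])


# Constructed sample: telnetd and sshd listeners, a loopback web port, one
# established client connection. Inodes 18231/18500 map to PIDs 427/1108.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18231 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18500 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20017 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:D2E8 0A01A8C0:0016 01 00000000:00000000 02:00000F82 00000000  1000        0 20555 2 0000000000000000 20 4 30 10 -1
"""
FAKE_DIRS = {"/proc": ["1", "427", "1108", "self", "net"],
             "/proc/427/fd": ["0", "1", "2", "3"], "/proc/1108/fd": ["0", "1", "2", "5"]}
FAKE_LINKS = {"/proc/427/fd/3": "socket:[18231]", "/proc/427/exe": "/usr/sbin/telnetd",
              "/proc/1108/fd/5": "socket:[18500]", "/proc/1108/exe": "/usr/sbin/sshd"}


def fake_listdir(path):
    if path not in FAKE_DIRS:
        raise FileNotFoundError(path)              # e.g. /proc/1/fd not readable
    return FAKE_DIRS[path]


def fake_readlink(path):
    if path not in FAKE_LINKS:
        raise FileNotFoundError(path)
    return FAKE_LINKS[path]


if __name__ == "__main__":
    for port, pid, exe in find_listeners(SAMPLE_PROC_NET_TCP, {22, 23, 80},
                                         fake_listdir, fake_readlink):
        print(f"port {port}: pid {pid} ({exe})")
```

Run with the real `os.listdir`/`os.readlink` (the defaults) and the contents of `/proc/net/tcp` to see what the sample would have seen on the sandbox VM. For detection, the same pattern in reverse is useful: an unprivileged process that opens `/proc/net/tcp` and then `readlink`s the fd tables of dozens of unrelated PIDs within seconds is the behaviour the report's IoC list records, and it is cheap to catch with an audit rule on `/proc/*/fd` reads by non-root, non-monitoring processes.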