Analysis
max time kernel: 149s
max time network: 152s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20241127-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20241127-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 27-12-2024 03:15
Behavioral task: behavioral1
Sample: 1506-1-0x0000000008048000-0x0000000008058e60-memory.dmp
Resource: ubuntu2004-amd64-20241127-en
General
Target: 1506-1-0x0000000008048000-0x0000000008058e60-memory.dmp
Size: 61KB
MD5: d1afd6d41c1198d5aac198e23308c50a
SHA1: 3ddaac8b85192e05d81a78cab1c3bbe5bf34e042
SHA256: 6dfa74995369c98df51d752c0dd2c335b0cb485a0da9c354d53827347df55f5a
SHA512: 618284edebd82fb649d1ae550cbd6dd6d6f4ea00dc6597da19585e53a53f617158cd1ae96e2a638ec540322b77fab9960535326ef9149443e750cebd5a1b78fc
SSDEEP: 1536:r+qyu6GBlyt0ZPTJSSWE/9aVHf3kd/Qgo/Weh:r+qx6GBl/5TJSSWE/UVHfs47Oeh
Malware Config
Signatures
Contacts a large (20064) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
  File opened for modification: /dev/watchdog (process: 1506-1-0x0000000008048000-0x0000000008058e60-memory.dmp)
  File opened for modification: /dev/misc/watchdog (process: 1506-1-0x0000000008048000-0x0000000008058e60-memory.dmp)
Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from the /proc virtual filesystem.
  File opened for reading: /proc/net/tcp (process: 1506-1-0x0000000008048000-0x0000000008058e60-memory.dmp)
Enumerates running processes
  Discovers information about currently running processes on the system.
Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of the /proc filesystem to enumerate network settings.
  File opened for reading: /proc/net/tcp (process: 1506-1-0x0000000008048000-0x0000000008058e60-memory.dmp)