3490c02550d5d70c0900ac64d14b4ef284e0ad0fae16fdb6765d1d66baade075

Analysis

max time kernel
149s
max time network
150s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
29-12-2024 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x86.elf
Size

89KB
MD5

a6711697e9f9c62231055e6fcd0f5aaa
SHA1

13bf930b16482cc962a91743e93bed305b397408
SHA256

3490c02550d5d70c0900ac64d14b4ef284e0ad0fae16fdb6765d1d66baade075
SHA512

90b75abd44983cf89e3b9d2ff5bff05e3aca9f9d95b4dd374c783ec3d6ef52159430d40f97440cd1abf0ac5ed20fd8ae5d01f99129cecc23b4b791f5eef34946
SSDEEP

1536:607w/RvCwk931F8JN5fjp7LhNSk1Q2cN9BvnaoetMP80K09lNy3owBYK1s6koEiP:60EJqwk9FFKN5fjpfSk1WBvnaoer0jNm

Score

9^/10

defense_evasion discovery

Malware Config

Signatures

Contacts a large (49270) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	x86.elf
File opened for modification	/dev/misc/watchdog	x86.elf

Enumerates active TCP sockets 1 TTPs 1 IoCs

Gets active TCP sockets from /proc virtual filesystem.

discovery

System Network Connections Discovery

T1049

description	ioc	Process
File opened for reading	/proc/net/tcp	x86.elf

Changes its process name 1 IoCs

description	pid	Process
Changes the process name, possibly in an attempt to hide itself	1565	x86.elf

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/tcp	x86.elf

/tmp/x86.elf
/tmp/x86.elf
1⤵
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Changes its process name
- Reads system network configuration
PID:1565

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

System Network Connections Discovery

T1049

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads