Overview

overview

10

Static

static

10

botx.x86.elf

ubuntu-22.04-amd64

9

Analysis

  • max time kernel
    138s
  • max time network
    150s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240522.1-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
  • submitted
    30/12/2024, 04:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    botx.x86.elf

  • Size

    50KB

  • MD5

    1092f7846a6ca7a5e92ece0ea93ff82e

  • SHA1

    140fd3e84c49d382e6b0f9a40730d1cd465f8347

  • SHA256

    a5ddb64df4b96bfeae6860981f98b4845df83db34ffaf238548bede6067f15c2

  • SHA512

    11ba6cdfba1784d5f2895f351def8d6a4dc0d5efd56b735978d1ff7416d2a52da07931250f37311362c8d522f7db89e3ac8bf1de890302afa6281ce2a2f6b2ba

  • SSDEEP

    768:ytYRSjaQ9DaZ/oJlExakbMqu8iz/nkvKy+hFlKTm/4RsvKQLDJCgMjz:WYRSjaCu1wlPbPly+hnKq/4G3LNCgMv

Score
9/10
defense_evasiondiscovery

Malware Config

Signatures

  • Contacts a large (56036) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion
  • Writes file to system bin folder 1 IoCs
  • Changes its process name 1 IoCs

Processes

  • /tmp/botx.x86.elf
    /tmp/botx.x86.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Changes its process name
    PID:1551

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads