Analysis

max time kernel: 145s
max time network: 149s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240522.1-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240522.1-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 11-01-2025 23:11
Behavioral task: behavioral1
Sample: 2830-1-0x0000000000400000-0x00000000005156e8-memory.dmp
Resource: ubuntu2204-amd64-20240522.1-en (ubuntu-22.04-amd64)
4 signatures, 150 seconds
General

Target: 2830-1-0x0000000000400000-0x00000000005156e8-memory.dmp
Size: 73KB
MD5: 84e31a7043c531350b0350e83a784ed5
SHA1: f86baf08e00eecca586dc3fd6d9b67bba8bb9e38
SHA256: 1803704d9003e67f4b79e17e1c2e71ebefd1fff8504f2ff397c21c9aa8e70d69
SHA512: 0780de962664f36f03ae223a03418d173457961fa35d09dfbafb85a6c48306b10e07191ca532e9700351bc8079bc36271a0f35695d11be02eb0033cb30483286
SSDEEP: 1536:WeuIZobBwAnIvIb/+w4HnC+8l8AnzcfH/:huIZRAIvIf4HT8l8AzcfH/
Score: 7/10
Malware Config

Signatures

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description                   ioc                 Process
  File opened for modification  /dev/watchdog       2830-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for modification  /dev/misc/watchdog  2830-1-0x0000000000400000-0x00000000005156e8-memory.dmp

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder (2 IoCs)
  description                   ioc             Process
  File opened for modification  /bin/watchdog   2830-1-0x0000000000400000-0x00000000005156e8-memory.dmp
  File opened for modification  /sbin/watchdog  2830-1-0x0000000000400000-0x00000000005156e8-memory.dmp