Overview

overview

10

Static

static

10

09f6d3428f...00.elf

ubuntu-24.04-amd64

7

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    11-01-2025 02:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09f6d3428f6ad98b827b4a2d7cb2e5c62cd9a4e9477d6f6132f5c7e5b61deb00.elf

  • Size

    108KB

  • MD5

    d80987391e75192cf4d80073f9d4d30e

  • SHA1

    496a56e87bb2715f711801a90905b3ca0069f11b

  • SHA256

    09f6d3428f6ad98b827b4a2d7cb2e5c62cd9a4e9477d6f6132f5c7e5b61deb00

  • SHA512

    9093017a3c6b5afde25d9f97512bda84ef902efe5c9de6e4717992d10e5a04f7fa7bda2761007accb9b125c628b5534fcbc1d60d79fad04a2fcf50e1958ac6d0

  • SSDEEP

    3072:RiryBV5RUKun9qEbB6yqz45feauvU80m7FnVYIY+F5mRe:F5sXZqMxYU80m7FnVYIY+F5mRe

Score
7/10
defense_evasiondiscovery

Malware Config

Signatures

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion
  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

    discovery
  • Changes its process name 1 IoCs
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

    discovery

Processes

  • /tmp/09f6d3428f6ad98b827b4a2d7cb2e5c62cd9a4e9477d6f6132f5c7e5b61deb00.elf
    /tmp/09f6d3428f6ad98b827b4a2d7cb2e5c62cd9a4e9477d6f6132f5c7e5b61deb00.elf
    1⤵
    • Modifies Watchdog functionality
    • Reads system routing table
    • Changes its process name
    • Reads system network configuration
    PID:2465

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads