Analysis

max time kernel: 149s
max time network: 128s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240729-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240729-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 12-01-2025 16:53
Behavioral task: behavioral1
Sample: 2441-1-0x0000000000400000-0x0000000000514788-memory.dmp
Resource: ubuntu2404-amd64-20240729-en (ubuntu-24.04-amd64)
4 signatures, 150 seconds
General

Target: 2441-1-0x0000000000400000-0x0000000000514788-memory.dmp
Size: 78KB
MD5: 85425697cc12413b24d6e678f17cbe21
SHA1: dfcd1c8e4af7072c2a5d069cc57c7b5ab300199c
SHA256: 133eacb0e4d6397e1bd1b02e7b47bc5c306735795f812034b8bcb33fda4b9183
SHA512: fcc270a04df21619f3375508cfab88837fee6411c3d1b28af06df13f66611f4ef40fcbde7a558ede071b3440094bf8c8cd971c132325ab7c193c1ed377867127
SSDEEP: 1536:+eBrtSIjPBIqOqudbau2wJC8AE4bzW9nsbptQzumpZJxlXxcLDHaEdB:xhtBjPBqqG29GC8P4bzenMYpZJxlXxK7
Score: 7/10
Malware Config

Signatures
Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

description | ioc | Process
File opened for modification | /dev/misc/watchdog | 2441-1-0x0000000000400000-0x0000000000514788-memory.dmp
File opened for modification | /dev/watchdog | 2441-1-0x0000000000400000-0x0000000000514788-memory.dmp
Enumerates running processes
Discovers information about currently running processes on the system.
Writes file to system bin folder (2 IoCs)

description | ioc | Process
File opened for modification | /bin/watchdog | 2441-1-0x0000000000400000-0x0000000000514788-memory.dmp
File opened for modification | /sbin/watchdog | 2441-1-0x0000000000400000-0x0000000000514788-memory.dmp