dac62134c0c6dc64b948b93139043763f50924a41f65352be35557c1066df5f5

Analysis

max time kernel
29s
max time network
149s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
15-01-2025 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dac62134c0c6dc64b948b93139043763f50924a41f65352be35557c1066df5f5.elf
Size

44KB
MD5

b2ce46e698f84bbbd7e140fc17f0da2a
SHA1

79b4efc7244acbb5f3bf72994db77b7033e639ef
SHA256

dac62134c0c6dc64b948b93139043763f50924a41f65352be35557c1066df5f5
SHA512

cc81dafa315c2e5e33f534687a323bda80dac082cb05ba117f7e22e21006a142d5d2c15aff792e58f0c5b36bbfba446bd9b114fa789b13f07efeaf28a3f5bca0
SSDEEP

768:JDpazul5ouhJSaHWut0mf1Ywcm4l1AEcx9FX59fcjy53bOwYmzs:JDpazul5ouhAhuNff4l1AEqTfcjA36v9

Score

9^/10

defense_evasion discovery

Malware Config

Signatures

Contacts a large (113614) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	dac62134c0c6dc64b948b93139043763f50924a41f65352be35557c1066df5f5.elf
File opened for modification	/dev/misc/watchdog	dac62134c0c6dc64b948b93139043763f50924a41f65352be35557c1066df5f5.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/var/Sofia	1565	dac62134c0c6dc64b948b93139043763f50924a41f65352be35557c1066df5f5.elf

/tmp/dac62134c0c6dc64b948b93139043763f50924a41f65352be35557c1066df5f5.elf
/tmp/dac62134c0c6dc64b948b93139043763f50924a41f65352be35557c1066df5f5.elf
1⤵
- Modifies Watchdog functionality
- Changes its process name
PID:1565

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads