Analysis
max time kernel: 149s
max time network: 150s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 15-01-2025 14:48
Behavioral task: behavioral1
Sample: xd.x86.elf
Resource: ubuntu2204-amd64-20240611-en
General
Target: xd.x86.elf
Size: 29KB
MD5: cb02e84a85813c662f7191cc1d19685f
SHA1: 59ad600226c432b1b8c3a077be7a6c280c2da1a1
SHA256: 3aff058d7b58eb91ccde83818aae5dd597aae06d96ab89c080c0a3d88f877f31
SHA512: ea9bea2cb21045791f611089d04714ef109dfc77d462763811bd4ce0dfeae93e7b6bd26637ccfc32e840504de17bf7da45ec29f0639f724de77ea985226e2f82
SSDEEP: 768:W0qH8ZHtmpb0eJ7LI8GqRZLSbS+gl5xV30HMVj/WHVMe1NxUkOGqC:WvH8HtmtvJ7ScP1mAiHeIUkN
Malware Config
Extracted
mirai
LZRD
Signatures
-
Mirai family
-
Contacts a large (20453) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | xd.x86.elf
File opened for modification | /dev/misc/watchdog | xd.x86.elf
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/net/tcp | xd.x86.elf
-
Enumerates running processes
Discovers information about currently running processes on the system
description | ioc | Process
File opened for reading | /proc/991/exe | xd.x86.elf
File opened for reading | /proc/1047/exe | xd.x86.elf
File opened for reading | /proc/843/exe | xd.x86.elf
File opened for reading | /proc/1171/exe | xd.x86.elf
File opened for reading | /proc/1241/exe | xd.x86.elf
File opened for reading | /proc/866/fd | xd.x86.elf
File opened for reading | /proc/1167/fd | xd.x86.elf
File opened for reading | /proc/1357/fd | xd.x86.elf
File opened for reading | /proc/737/fd | xd.x86.elf
File opened for reading | /proc/638/exe | xd.x86.elf
File opened for reading | /proc/755/exe | xd.x86.elf
File opened for reading | /proc/1163/exe | xd.x86.elf
File opened for reading | /proc/1179/fd | xd.x86.elf
File opened for reading | /proc/1313/fd | xd.x86.elf
File opened for reading | /proc/1378/fd | xd.x86.elf
File opened for reading | /proc/1161/exe | xd.x86.elf
File opened for reading | /proc/1166/exe | xd.x86.elf
File opened for reading | /proc/558/fd | xd.x86.elf
File opened for reading | /proc/588/fd | xd.x86.elf
File opened for reading | /proc/634/fd | xd.x86.elf
File opened for reading | /proc/1571/fd | xd.x86.elf
File opened for reading | /proc/1574/fd | xd.x86.elf
File opened for reading | /proc/838/exe | xd.x86.elf
File opened for reading | /proc/1179/exe | xd.x86.elf
File opened for reading | /proc/1192/exe | xd.x86.elf
File opened for reading | /proc/638/fd | xd.x86.elf
File opened for reading | /proc/768/fd | xd.x86.elf
File opened for reading | /proc/1232/fd | xd.x86.elf
File opened for reading | /proc/1183/exe | xd.x86.elf
File opened for reading | /proc/1193/fd | xd.x86.elf
File opened for reading | /proc/414/exe | xd.x86.elf
File opened for reading | /proc/742/exe | xd.x86.elf
File opened for reading | /proc/1097/exe | xd.x86.elf
File opened for reading | /proc/1036/fd | xd.x86.elf
File opened for reading | /proc/1373/fd | xd.x86.elf
File opened for reading | /proc/636/exe | xd.x86.elf
File opened for reading | /proc/634/exe | xd.x86.elf
File opened for reading | /proc/1106/exe | xd.x86.elf
File opened for reading | /proc/1284/exe | xd.x86.elf
File opened for reading | /proc/1558/exe | xd.x86.elf
File opened for reading | /proc/586/fd | xd.x86.elf
File opened for reading | /proc/984/fd | xd.x86.elf
File opened for reading | /proc/1168/fd | xd.x86.elf
File opened for reading | /proc/1128/fd | xd.x86.elf
File opened for reading | /proc/784/exe | xd.x86.elf
File opened for reading | /proc/1193/exe | xd.x86.elf
File opened for reading | /proc/1232/exe | xd.x86.elf
File opened for reading | /proc/1180/fd | xd.x86.elf
File opened for reading | /proc/1041/fd | xd.x86.elf
File opened for reading | /proc/870/exe | xd.x86.elf
File opened for reading | /proc/1162/exe | xd.x86.elf
File opened for reading | /proc/783/exe | xd.x86.elf
File opened for reading | /proc/1183/fd | xd.x86.elf
File opened for reading | /proc/682/exe | xd.x86.elf
File opened for reading | /proc/1321/exe | xd.x86.elf
File opened for reading | /proc/1581/exe | xd.x86.elf
File opened for reading | /proc/1511/fd | xd.x86.elf
File opened for reading | /proc/409/exe | xd.x86.elf
File opened for reading | /proc/635/exe | xd.x86.elf
File opened for reading | /proc/1349/exe | xd.x86.elf
File opened for reading | /proc/1077/fd | xd.x86.elf
File opened for reading | /proc/1097/fd | xd.x86.elf
File opened for reading | /proc/1106/fd | xd.x86.elf
File opened for reading | /proc/747/exe | xd.x86.elf
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description | ioc | Process
File opened for reading | /proc/net/tcp | xd.x86.elf