Analysis
max time kernel: 30s
max time network: 45s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240611-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 29-01-2025 15:51

Behavioral task: behavioral1
Sample: x86
Resource: ubuntu2004-amd64-20240611-en

General
Target: x86
Size: 45KB
MD5: 2fecd2ea233a6a25108b24507ed42d92
SHA1: 13a4bbad492664537a17eaca0ce8e1438ea61e73
SHA256: 76be449e67d2c68c75ff0312a50904140cde0a479968f0fe32192bb9a7e76782
SHA512: 5440d9f5393fa279c09683bb8d605322398427e915a863703e8768995b2827bb219591005b0ed8bdc6a8cdeca1d027a800bf4d341f9d59428b6a0c9e6e3392d6
SSDEEP: 768:xk/LjSNwrGBs80WEe9lyXR2k4kHgMVfM1gY4/UGZXTfOEmo3kP:xk/LjSNwrGBzFEZpgHt4JZXTfObo3k
Malware Config
Signatures

Contacts a large number (40110) of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large number of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the watchdog so that it cannot reboot an infected system.
description                    ioc
File opened for modification   /dev/watchdog
File opened for modification   /dev/misc/watchdog

Enumerates running processes
Discovers information about currently running processes on the system.
description               ioc
File opened for reading   /proc/1150/cmdline
File opened for reading   /proc/86/cmdline
File opened for reading   /proc/9/cmdline
File opened for reading   /proc/21/cmdline
File opened for reading   /proc/394/cmdline
File opened for reading   /proc/594/cmdline
File opened for reading   /proc/990/cmdline
File opened for reading   /proc/1324/cmdline
File opened for reading   /proc/1333/cmdline
File opened for reading   /proc/5/cmdline
File opened for reading   /proc/1021/cmdline
File opened for reading   /proc/1026/cmdline
File opened for reading   /proc/1052/cmdline
File opened for reading   /proc/1080/cmdline
File opened for reading   /proc/1385/cmdline
File opened for reading   /proc/621/cmdline
File opened for reading   /proc/176/cmdline
File opened for reading   /proc/393/cmdline
File opened for reading   /proc/924/cmdline
File opened for reading   /proc/75/cmdline
File opened for reading   /proc/511/cmdline
File opened for reading   /proc/677/cmdline
File opened for reading   /proc/1120/cmdline
File opened for reading   /proc/1345/cmdline
File opened for reading   /proc/166/cmdline
File opened for reading   /proc/102/cmdline
File opened for reading   /proc/569/cmdline
File opened for reading   /proc/1074/cmdline
File opened for reading   /proc/1090/cmdline
File opened for reading   /proc/1106/cmdline
File opened for reading   /proc/71/cmdline
File opened for reading   /proc/105/cmdline
File opened for reading   /proc/453/cmdline
File opened for reading   /proc/493/cmdline
File opened for reading   /proc/20/cmdline
File opened for reading   /proc/81/cmdline
File opened for reading   /proc/85/cmdline
File opened for reading   /proc/88/cmdline
File opened for reading   /proc/201/cmdline
File opened for reading   /proc/440/cmdline
File opened for reading   /proc/455/cmdline
File opened for reading   /proc/1109/cmdline
File opened for reading   /proc/73/cmdline
File opened for reading   /proc/1241/cmdline
File opened for reading   /proc/172/cmdline
File opened for reading   /proc/443/cmdline
File opened for reading   /proc/567/cmdline
File opened for reading   /proc/1/cmdline
File opened for reading   /proc/994/cmdline
File opened for reading   /proc/1072/cmdline
File opened for reading   /proc/1178/cmdline
File opened for reading   /proc/1305/cmdline
File opened for reading   /proc/174/cmdline
File opened for reading   /proc/766/cmdline
File opened for reading   /proc/1035/cmdline
File opened for reading   /proc/1119/cmdline
File opened for reading   /proc/1327/cmdline
File opened for reading   /proc/454/cmdline
File opened for reading   /proc/76/cmdline
File opened for reading   /proc/79/cmdline
File opened for reading   /proc/90/cmdline
File opened for reading   /proc/118/cmdline
File opened for reading   /proc/161/cmdline
File opened for reading   /proc/170/cmdline

Changes its process name (1 IoCs)
description                                                        ioc          pid
Changes the process name, possibly in an attempt to hide itself    /var/Sofia   1388
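The five signatures above (the two scan heuristics, the watchdog modification, the /proc enumeration and the process-name change) are each a small rule over the sandbox's event stream. The following is an added example, not the sandbox's own signature code: it re-implements that decision logic over a constructed event log. The "<pid> <event> <argument>" line format, the event names (open_write, open_read, setname, connect) and the scan thresholds are assumptions made for this example; the report itself only states the observed count (40110) and not the cut-off it applies.

```python
"""Added example (not the sandbox's own code): re-implements the decision
logic behind the report's signatures over a small constructed event log."""
import re
from collections import defaultdict

# Thresholds are assumptions for this example; the sandbox's real cut-offs
# are not stated on the page (the report only says "large (40110)").
SCAN_HOST_THRESHOLD = 1000   # distinct remote IPs contacted
SCAN_FLOW_THRESHOLD = 1000   # connection attempts

WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/misc/watchdog"}
PROC_CMDLINE = re.compile(r"^/proc/\d+/cmdline$")   # only per-PID cmdline reads count
EVENT_LINE = re.compile(r"^(\d+)\s+(\w+)\s+(\S+)$")  # "<pid> <event> <argument>", assumed format


def parse_events(text):
    """Parse the constructed '<pid> <event> <argument>' log into (pid, event, arg) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = EVENT_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable event line: {line!r}")
        pid, kind, arg = m.groups()
        events.append((int(pid), kind, arg))
    return events


def evaluate(events, host_threshold=SCAN_HOST_THRESHOLD, flow_threshold=SCAN_FLOW_THRESHOLD):
    """Return {signature name: [IoC strings]} for every signature that fires.

    The first three signatures fire on a single matching event; the two
    scan signatures are aggregate counts over all connect events.
    """
    hits = defaultdict(list)
    remote_hosts = set()
    flows = 0
    for pid, kind, arg in events:
        if kind == "open_write" and arg in WATCHDOG_DEVICES:
            # Opening the watchdog device for writing is enough to flag,
            # whatever ioctl or write follows.
            hits["Modifies Watchdog functionality"].append(f"File opened for modification {arg}")
        elif kind == "open_read" and PROC_CMDLINE.match(arg):
            hits["Enumerates running processes"].append(f"File opened for reading {arg}")
        elif kind == "setname":
            # e.g. prctl(PR_SET_NAME) or an overwritten argv[0]
            hits["Changes its process name"].append(f"pid {pid} -> {arg}")
        elif kind == "connect":
            host, _, _port = arg.rpartition(":")
            remote_hosts.add(host)
            flows += 1
    if len(remote_hosts) >= host_threshold:
        hits["Contacts a large amount of remote hosts"].append(
            f"{len(remote_hosts)} distinct remote hosts")
    if flows >= flow_threshold:
        hits["Creates a large amount of network flows"].append(f"{flows} connection attempts")
    return dict(hits)


# Constructed sample modelled on the IoCs in the report above; not real sandbox output.
SAMPLE_EVENTS = """\
# watchdog tampering and /proc enumeration by the sample's pid
1388 open_write /dev/watchdog
1388 open_write /dev/misc/watchdog
1388 open_read /proc/1/cmdline
1388 open_read /proc/1150/cmdline
1388 open_read /proc/86/cmdline
1388 open_read /proc/sys/kernel/hostname
1388 setname /var/Sofia
"""


def synthetic_scan(pid=1388, hosts=1200, port=23):
    """Constructed scan: one connection attempt to each of `hosts` distinct 10/8 addresses."""
    return "\n".join(
        f"{pid} connect 10.{(i >> 8) & 255}.{i & 255}.1:{port}" for i in range(hosts))


def analyze_sample(with_scan=True):
    """Run the signatures over the constructed log, optionally including the scan burst."""
    text = SAMPLE_EVENTS + (synthetic_scan() if with_scan else "")
    return evaluate(parse_events(text))


if __name__ == "__main__":
    for name, iocs in analyze_sample().items():
        print(f"{name} ({len(iocs)} IoCs)")
        for ioc in iocs[:3]:
            print(f"  {ioc}")
```

Two details matter when writing rules like this: the /proc match is anchored to `/proc/<pid>/cmdline`, so a read of an unrelated path such as `/proc/sys/kernel/hostname` is not counted as enumeration, and the two scan signatures are kept separate because they measure different things (distinct destinations versus total connection attempts); a sample that hammers one host with many connections would trip the flow rule but not the host rule.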