Analysis
- max time kernel: 148s
- max time network: 153s
- platform: ubuntu-22.04_amd64
- resource: ubuntu2204-amd64-20240522.1-en
- resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240522.1-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
- submitted: 09-02-2025 10:06
Behavioral task: behavioral1
- Sample: Hgf.x86_64.elf
- Resource: ubuntu2204-amd64-20240522.1-en
General
- Target: Hgf.x86_64.elf
- Size: 25KB
- MD5: 412e798060a55df1bae4a77406ef5a4f
- SHA1: 055968937a264fb5fdb4cf6d1f00fd303f61ddd2
- SHA256: 70f252fbf9c628ecb02bc789ab2e4c0c50f1319b83576d8f705d52155c8ab687
- SHA512: eb7088b6b54e3939921518c2e2b48656dd97c5cca4dc8101ceaddfce54125a40bc028f3f18d7b470b044639907446b812c0b3cd8ac585cfd9d74c64fb8d0101a
- SSDEEP: 384:ZBmG2zuJACD98F0ibPnlJtVYi5ePKE5r8aFDU/A+lD75HeIxBrqCoHY4FhKMSC4O:zmgSDiibPnXuBQNHeIxBOHDaEKGe6hx
Malware Config
- Extracted: mirai
- BOTNET: cnc.stressamp.com
Signatures
- Mirai family
- Contacts a large (75744) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  IoCs (description / ioc / process):
  File opened for modification / /dev/misc/watchdog / Hgf.x86_64.elf
  File opened for modification / /dev/watchdog / Hgf.x86_64.elf
- Enumerates running processes
  Discovers information about currently running processes on the system
- Changes its process name (1 IoCs)
  IoCs (description / ioc / pid / process):
  Changes the process name, possibly in an attempt to hide itself / /var/Sofia / 1565 / Hgf.x86_64.elf