Analysis
max time kernel: 149s
max time network: 149s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 09-02-2025 10:16
Behavioral task: behavioral1
Sample: Hgf.x86_64.elf
Resource: ubuntu1804-amd64-20240611-en
General
Target: Hgf.x86_64.elf
Size: 25KB
MD5: 412e798060a55df1bae4a77406ef5a4f
SHA1: 055968937a264fb5fdb4cf6d1f00fd303f61ddd2
SHA256: 70f252fbf9c628ecb02bc789ab2e4c0c50f1319b83576d8f705d52155c8ab687
SHA512: eb7088b6b54e3939921518c2e2b48656dd97c5cca4dc8101ceaddfce54125a40bc028f3f18d7b470b044639907446b812c0b3cd8ac585cfd9d74c64fb8d0101a
SSDEEP: 384:ZBmG2zuJACD98F0ibPnlJtVYi5ePKE5r8aFDU/A+lD75HeIxBrqCoHY4FhKMSC4O:zmgSDiibPnXuBQNHeIxBOHDaEKGe6hx
Malware Config
Extracted family: mirai
BOTNET: cnc.stressamp.com
Signatures
- Mirai family
- Contacts a large (75753) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTP, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description                    ioc                  process
  File opened for modification   /dev/watchdog        Hgf.x86_64.elf
  File opened for modification   /dev/misc/watchdog   Hgf.x86_64.elf
- Enumerates running processes
  Discovers information about currently running processes on the system
- Changes its process name (1 IoC)
  description                                                       ioc          pid    process
  Changes the process name, possibly in an attempt to hide itself   /var/Sofia   1505   Hgf.x86_64.elf