91d2c341f6489f94dfa001ef9151e56fa6f8331b218733a8b6f4152f3685fe2a

Analysis

max time kernel
135s
max time network
138s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20250307-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20250307-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
08/03/2025, 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91d2c341f6489f94dfa001ef9151e56fa6f8331b218733a8b6f4152f3685fe2a.elf
Size

162KB
MD5

c8a4c82cf20d8084ae8c033cec1a89ec
SHA1

41636c100970c6247bfcdbb77706bc57092d3fc8
SHA256

91d2c341f6489f94dfa001ef9151e56fa6f8331b218733a8b6f4152f3685fe2a
SHA512

c9baa532fc4c137a2c50213f3e4ac369dbcdaf4e19f5dc275e40c1fa35b7e9b52ba5d281de56337e39b5c050de235bac6d073ca413b8eb8eec660d4cabc14bae
SSDEEP

3072:EGI4HqR83prk/BES/NDkanLiXGjs6MyWqlRRnbaBfl7b1rv4aw1RPPS:EGI4HqR8Zrk/BESrLZMyWi2BPwvPPS

Score

9^/10

defense_evasion discovery

Malware Config

Signatures

Contacts a large (7170) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Deletes itself 1 IoCs

pid	Process
2364	91d2c341f6489f94dfa001ef9151e56fa6f8331b218733a8b6f4152f3685fe2a.elf

Modifies Watchdog functionality 1 TTPs 1 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	91d2c341f6489f94dfa001ef9151e56fa6f8331b218733a8b6f4152f3685fe2a.elf

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog:	91d2c341f6489f94dfa001ef9151e56fa6f8331b218733a8b6f4152f3685fe2a.elf
File opened for modification	/bin/watchdog:	91d2c341f6489f94dfa001ef9151e56fa6f8331b218733a8b6f4152f3685fe2a.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2363	91d2c341f6489f94dfa001ef9151e56fa6f8331b218733a8b6f4152f3685fe2a.elf

/tmp/91d2c341f6489f94dfa001ef9151e56fa6f8331b218733a8b6f4152f3685fe2a.elf
/tmp/91d2c341f6489f94dfa001ef9151e56fa6f8331b218733a8b6f4152f3685fe2a.elf
1⤵
- Deletes itself
- Modifies Watchdog functionality
- Writes file to system bin folder
- Changes its process name
PID:2363

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads