Overview

overview

10

Static

static

10

x86_64.elf

ubuntu-24.04-amd64

9

Analysis

  • max time kernel
    90s
  • max time network
    152s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20250307-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20250307-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    20/03/2025, 13:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    x86_64.elf

  • Size

    53KB

  • MD5

    1a9b6fcb29d98ec7016fef4845ef5645

  • SHA1

    282f71dfd12ef23a97b8c29bdd885a42b40234eb

  • SHA256

    9cc03769bc13807ead07813d834cf9c9f80a92c422d4d8af8a99d22a0453039c

  • SHA512

    58374261b7f5f96952d96821df9a2e1eded0a1c1d818f9a25ff88161e4d60de8954e53286b2900816324e992b3e20c7b0dbaad2e3793c48ce373ba5525190b62

  • SSDEEP

    1536:LJCqjbwNRaPq5FllaxwOzvTFToaoNqEv:7jEraP4llaxwITFT3WqE

Score
9/10
defense_evasiondiscovery

Malware Config

Signatures

  • Contacts a large (111826) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

    discovery

Processes

  • /tmp/x86_64.elf
    /tmp/x86_64.elf
    1⤵
    • Modifies Watchdog functionality
    • Changes its process name
    • Reads runtime system information
    PID:2889

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads