Analysis
- max time kernel: 149s
- max time network: 148s
- platform: ubuntu-22.04_amd64
- resource: ubuntu2204-amd64-20250410-en
- resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20250410-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
- submitted: 14/04/2025, 19:55
Behavioral task: behavioral1
- Sample: 1572-1-0x0000000008048000-0x0000000008059ac0-memory.dmp
- Resource: ubuntu2204-amd64-20250410-en
- 4 signatures
- 150 seconds
General
- Target: 1572-1-0x0000000008048000-0x0000000008059ac0-memory.dmp
- Size: 57KB
- MD5: cfb42fe602cfe0d9c8d13e8458c5e338
- SHA1: 37cfec4ad55bfdd904740501ca6f2b6c855e2400
- SHA256: 2080c0fa71e442995a263b3c6d1194d1215f54e0de74bc91380be7d5571808c4
- SHA512: de47b34bbe07b3328e74ec2b3f6e8d44556257affda82cafca5997ad7d2d7b77adb73cd0a5ee0621a8c7917055be4cb61cec83b89d67261b7d75a3441cb0a27d
- SSDEEP: 1536:NyN5z8bAOpvnd02e98v2POtI7i1BDU+JSz0RZ17+v2nzhNKSMo:oN5wUOpvnReO2Wtw+gz0r1K+nMo
- Score: 7/10
Malware Config
Signatures
- Deletes itself (1 IoCs)
  - pid: 1571
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware such as Mirai modifies the watchdog to prevent it from restarting an infected system.
  - description / ioc: File opened for modification, /dev/watchdog
  - description / ioc: File opened for modification, /dev/misc/watchdog
- Changes its process name (1 IoCs)
  - description / pid: Changes the process name, possibly in an attempt to hide itself, 1571
- description / ioc