0dd017a9eb6713a38b7b0425197723a1f07b12495d2ec74373d7c77c9003bca5

Analysis

max time kernel
111s
max time network
150s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20250410-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20250410-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
15/04/2025, 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4ec4858cea0e68191f2483debd666582115c8e288bf35d70600ab0ef515b2e6.elf
Size

45KB
MD5

4147733c457dd31b0cb6388500241a65
SHA1

4f07692ebf5c3caa8145bf5bb9c097c1e8b2e66d
SHA256

a4ec4858cea0e68191f2483debd666582115c8e288bf35d70600ab0ef515b2e6
SHA512

2afdb5eeeda95db3a4851546e1ff9171664aff48cddaedcc21f7678b2fddac49d53c85875ff55073ff64f3d20407b6607c8de39eacaa7a4eff895b7f93b84ed6
SSDEEP

768:np2DWo6gttU1jzkEUJG81WRol2XBNzS+NgU6ER0jEaR9J:p2DWo6gttU1jzkXJ1sRIQHsUDuE69J

Score

9^/10

defense_evasion discovery

Malware Config

Signatures

Contacts a large (187419) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc
File opened for modification	/dev/misc/watchdog
File opened for modification	/dev/watchdog

Renames itself 1 IoCs

pid
1571

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	130.61.64.122

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	gvfs-mtp-volume	1571

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc
File opened for reading	/proc/74/comm
File opened for reading	/proc/683/comm
File opened for reading	/proc/789/comm
File opened for reading	/proc/1180/comm
File opened for reading	/proc/1293/comm
File opened for reading	/proc/11/comm
File opened for reading	/proc/21/comm
File opened for reading	/proc/85/comm
File opened for reading	/proc/698/comm
File opened for reading	/proc/1194/comm
File opened for reading	/proc/16/comm
File opened for reading	/proc/24/comm
File opened for reading	/proc/80/comm
File opened for reading	/proc/592/comm
File opened for reading	/proc/976/comm
File opened for reading	/proc/1312/comm
File opened for reading	/proc/19/comm
File opened for reading	/proc/83/comm
File opened for reading	/proc/88/comm
File opened for reading	/proc/748/comm
File opened for reading	/proc/761/comm
File opened for reading	/proc/1542/comm
File opened for reading	/proc/314/comm
File opened for reading	/proc/587/comm
File opened for reading	/proc/982/comm
File opened for reading	/proc/1083/comm
File opened for reading	/proc/78/comm
File opened for reading	/proc/96/comm
File opened for reading	/proc/739/comm
File opened for reading	/proc/763/comm
File opened for reading	/proc/90/comm
File opened for reading	/proc/92/comm
File opened for reading	/proc/102/comm
File opened for reading	/proc/451/comm
File opened for reading	/proc/722/comm
File opened for reading	/proc/1094/comm
File opened for reading	/proc/1560/comm
File opened for reading	/proc/4/comm
File opened for reading	/proc/14/comm
File opened for reading	/proc/26/comm
File opened for reading	/proc/99/comm
File opened for reading	/proc/263/comm
File opened for reading	/proc/613/comm
File opened for reading	/proc/914/comm
File opened for reading	/proc/951/comm
File opened for reading	/proc/2/comm
File opened for reading	/proc/15/comm
File opened for reading	/proc/17/comm
File opened for reading	/proc/27/comm
File opened for reading	/proc/523/comm
File opened for reading	/proc/667/comm
File opened for reading	/proc/1021/comm
File opened for reading	/proc/1031/comm
File opened for reading	/proc/5/comm
File opened for reading	/proc/1046/comm
File opened for reading	/proc/1070/comm
File opened for reading	/proc/1099/comm
File opened for reading	/proc/1571/comm
File opened for reading	/proc/25/comm
File opened for reading	/proc/110/comm
File opened for reading	/proc/1029/comm
File opened for reading	/proc/1043/comm
File opened for reading	/proc/1096/comm
File opened for reading	/proc/1101/comm

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads