General
-
Target
1d982e5daf65410e1c8315f7d0295325e728ff4970131f3b1aac4bc40bdebd30
-
Size
146KB
-
Sample
220521-xtkaxsfgfl
-
MD5
0b98a88d66b5318b4768b66aa309abd7
-
SHA1
37d026a9a5444828afe65ed7376b7eec0ea3e744
-
SHA256
1d982e5daf65410e1c8315f7d0295325e728ff4970131f3b1aac4bc40bdebd30
-
SHA512
45729317935fbd097a01d34200dcb70285b298a1adfe1b38ece5ecb67b5b12f07b94e924f5031852e8c3b721443e5c57bf0119c81ffb0783a876364dfe339f76
Static task
static1
Behavioral task
behavioral1
Sample
1d982e5daf65410e1c8315f7d0295325e728ff4970131f3b1aac4bc40bdebd30
Resource
debian9-mipsel-en-20211208
Malware Config
Targets
Score
9/10
-
Attempts to identify hypervisor via CPU configuration
Checks CPU information for indicators that the system is a virtual machine.
-
Contacts a large (47348) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-