903b7fccc80816eee6ecffad04c04f08d63c9d073ec0ccd4ba5c1b4af9c46c02

Analysis

max time kernel
19719s
max time network
152s
platform
linux_mips
resource
debian9-mipsbe-en-20211208
resource tags

arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
24-07-2022 22:47

Target

903b7fccc80816eee6ecffad04c04f08d63c9d073ec0ccd4ba5c1b4af9c46c02
Size

31KB
MD5

5ab3be407ea5a07f447612e7b621356f
SHA1

d08b539376be3a5b9507a8270f324c123520d6ba
SHA256

903b7fccc80816eee6ecffad04c04f08d63c9d073ec0ccd4ba5c1b4af9c46c02
SHA512

e1d8d14e7666b1b14d503c19eb5efa566a1fcad4ab8ea2c1c7a55f39043f38cbdfef48360ffdec304eafd8f945b22f2bd5b91a9398cfff8578fb96aa595f1c4e

Score

10^/10

suricata: ET MALWARE Dark Nexus IoT Variant User-Agent (Outbound)
suricata: ET MALWARE Dark Nexus IoT Variant User-Agent (Outbound)
suricata
Contacts a large (36983) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Reads runtime system information 2 IoCs
Reads data from /proc virtual filesystem.

Processes:

903b7fccc80816eee6ecffad04c04f08d63c9d073ec0ccd4ba5c1b4af9c46c02

description ioc process

/proc/self/exe /proc/self/exe 903b7fccc80816eee6ecffad04c04f08d63c9d073ec0ccd4ba5c1b4af9c46c02
/proc/ /proc/

description	ioc	process
/proc/self/exe	/proc/self/exe	903b7fccc80816eee6ecffad04c04f08d63c9d073ec0ccd4ba5c1b4af9c46c02
/proc/	/proc/

/tmp/903b7fccc80816eee6ecffad04c04f08d63c9d073ec0ccd4ba5c1b4af9c46c02
/tmp/903b7fccc80816eee6ecffad04c04f08d63c9d073ec0ccd4ba5c1b4af9c46c02
1⤵
- Reads runtime system information
PID:331

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact