00a2abe70a76a4cb942d12add8358f0ac751603a9fa6bd7a959095841aee1758

Analysis

max time kernel
23595s
max time network
152s
platform
linux_mipsel
resource
debian9-mipsel-en-20211208
resource tags

arch:mipselimage:debian9-mipsel-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
07/09/2022, 19:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

00a2abe70a76a4cb942d12add8358f0ac751603a9fa6bd7a959095841aee1758.bin
Size

94KB
MD5

2d73095da6de946a55cf531e9611cd8a
SHA1

d933d6e78f762a2740bb75d2df0c2e569dd262ff
SHA256

00a2abe70a76a4cb942d12add8358f0ac751603a9fa6bd7a959095841aee1758
SHA512

57871ec0e7edd0380a2e1ce0735312e255485ac03648e019479c90ba2493429f803c20d112ec8460333802abc5a2ba0f16100f38386f88d1b79c069c2456dbb2
SSDEEP

1536:EPYu5myv9Ud/VerUg3iQ1b4ja21P3FNZdxtNI1cqV:EPYu5pv9oEoja21P1NOfV

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (23354) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Writes file to system bin folder 1 TTPs 1 IoCs

Hijack Execution Flow

T1574

description	ioc
/bin/dash	/bin/dash

Enumerates active TCP sockets 1 TTPs 1 IoCs

Gets active TCP sockets from /proc virtual filesystem.

System Network Connections Discovery

T1049

description	ioc
/proc/net/tcp	/proc/net/tcp

Write file to user bin folder 1 TTPs 1 IoCs

Hijack Execution Flow

T1574

description	ioc
/usr/bin/apt-get	/usr/bin/apt-get

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc
/proc/net/tcp	/proc/net/tcp

Reads runtime system information 20 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/264/fd	/proc/264/fd	Process not Found
/proc/406/exe	/proc/406/exe	Process not Found
/proc/410/exe	/proc/410/exe	Process not Found
/proc/418/exe	/proc/418/exe	Process not Found
/proc/filesystems	/proc/filesystems	mv
/proc/216/fd	/proc/216/fd	Process not Found
/proc/227/fd	/proc/227/fd	Process not Found
/proc/242/fd	/proc/242/fd	Process not Found
/proc/260/fd	/proc/260/fd	Process not Found
/proc/344/exe	/proc/344/exe	Process not Found
/proc/401/exe	/proc/401/exe	Process not Found
/proc/filesystems	/proc/filesystems	mkdir
/proc/	/proc/	Process not Found
/proc/156/fd	/proc/156/fd	Process not Found
/proc/407/exe	/proc/407/exe	Process not Found
/proc/1/fd	/proc/1/fd	Process not Found
/proc/139/fd	/proc/139/fd	Process not Found
/proc/261/fd	/proc/261/fd	Process not Found
/proc/239/fd	/proc/239/fd	Process not Found
/proc/241/fd	/proc/241/fd	Process not Found

/tmp/00a2abe70a76a4cb942d12add8358f0ac751603a9fa6bd7a959095841aee1758.bin
/tmp/00a2abe70a76a4cb942d12add8358f0ac751603a9fa6bd7a959095841aee1758.bin
1⤵
PID:331

/bin/sh
sh -c "rm -rf bin/busybox && mkdir bin; >bin/busybox && mv /tmp/00a2abe70a76a4cb942d12add8358f0ac751603a9fa6bd7a959095841aee1758.bin bin/busybox; chmod 777 bin/busybox"
1⤵
PID:332
- /bin/rm
  rm -rf bin/busybox
  2⤵
  PID:334
- /bin/mkdir
  mkdir bin
  2⤵
  - Reads runtime system information
  PID:335
- /bin/mv
  mv /tmp/00a2abe70a76a4cb942d12add8358f0ac751603a9fa6bd7a959095841aee1758.bin bin/busybox
  2⤵
  - Reads runtime system information
  PID:337
- /bin/chmod
  chmod 777 bin/busybox
  2⤵
  PID:341

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

Network Service Scanning

T1046

System Network Configuration Discovery

T1016

System Network Connections Discovery

T1049

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads