0a47bb8b432a0f90511ce50b6b6bc627ca52151979bbc15a82b52fc8f2a27521 | Triage

Analysis

max time kernel
0s
max time network
153s
platform
linux_mips
resource
debian9-mipsbe-en-20211208
resource tags

arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
29-09-2022 17:29

Sharing

Report Analysis Logs

General

Target

HWID_Spoofer/.git/hooks/commit-msg.sample
Size

896B
MD5

579a3c1e12a1e74a98169175fb913012
SHA1

ee1ed5aad98a435f2020b6de35c173b75d9affac
SHA256

1f74d5e9292979b573ebd59741d46cb93ff391acdd083d340b94370753d92437
SHA512

d6bb7fa747f4625adf1877f546565cbe812ca7dd4168f7e9068e6732555d8737eba549546cf5946649e3f38de82d173aaf9c160a4c9f9445655258b4c5f955eb

Score

5^/10

Malware Config

Signatures

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/filesystems	/proc/filesystems	sed

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/HWID_Spoofer/.git/hooks/commit-msg.sample	/tmp/HWID_Spoofer/.git/hooks/commit-msg.sample	commit-msg.sample

/tmp/HWID_Spoofer/.git/hooks/commit-msg.sample
/tmp/HWID_Spoofer/.git/hooks/commit-msg.sample
1⤵
- Writes file to tmp directory
PID:320

/bin/grep
grep "^Signed-off-by: "
1⤵
PID:322

/usr/bin/sort
sort
1⤵
PID:323

/usr/bin/uniq
uniq -c
1⤵
PID:324

/bin/sed
sed -e "/^[ ]*1[ ]/d"
1⤵
- Reads runtime system information
PID:325

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads