Analysis
-
max time kernel
0s -
max time network
153s -
platform
linux_mips -
resource
debian9-mipsbe-en-20211208 -
resource tags
arch:mips, image:debian9-mipsbe-en-20211208, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system -
submitted
18-10-2022 02:32
Static task
static1
Behavioral task
behavioral1
Sample
data/cowrie/downloads/0db4f8ea9c2fd15a3fa176534bacb8507660f7d0944fa1f11e889410e6585337
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral2
Sample
data/cowrie/downloads/0db4f8ea9c2fd15a3fa176534bacb8507660f7d0944fa1f11e889410e6585337
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral3
Sample
data/cowrie/downloads/0db4f8ea9c2fd15a3fa176534bacb8507660f7d0944fa1f11e889410e6585337
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral4
Sample
data/cowrie/downloads/0db4f8ea9c2fd15a3fa176534bacb8507660f7d0944fa1f11e889410e6585337
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral5
Sample
data/cowrie/downloads/394a862032b8d27a1dce87dfbadb814c9d2c1a26d067d4ea4ed6541c342a836a
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral6
Sample
data/cowrie/downloads/394a862032b8d27a1dce87dfbadb814c9d2c1a26d067d4ea4ed6541c342a836a
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral7
Sample
data/cowrie/downloads/394a862032b8d27a1dce87dfbadb814c9d2c1a26d067d4ea4ed6541c342a836a
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral8
Sample
data/cowrie/downloads/394a862032b8d27a1dce87dfbadb814c9d2c1a26d067d4ea4ed6541c342a836a
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral9
Sample
data/cowrie/downloads/a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral10
Sample
data/cowrie/downloads/a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral11
Sample
data/cowrie/downloads/a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral12
Sample
data/cowrie/downloads/a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral13
Sample
data/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral14
Sample
data/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral15
Sample
data/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral16
Sample
data/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral17
Sample
data/cowrie/downloads/b4cbc01ef78d6e36d470d2f6df077b4e4198ac0fdceb9f8087d9a20ed696cec0
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral18
Sample
data/cowrie/downloads/b4cbc01ef78d6e36d470d2f6df077b4e4198ac0fdceb9f8087d9a20ed696cec0
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral19
Sample
data/cowrie/downloads/b4cbc01ef78d6e36d470d2f6df077b4e4198ac0fdceb9f8087d9a20ed696cec0
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral20
Sample
data/cowrie/downloads/b4cbc01ef78d6e36d470d2f6df077b4e4198ac0fdceb9f8087d9a20ed696cec0
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral21
Sample
data/cowrie/downloads/dba1abed0c3a0e0e9ae8877d091c6e1ee90373a68cbafc09b907359391dd766c
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral22
Sample
data/cowrie/downloads/dba1abed0c3a0e0e9ae8877d091c6e1ee90373a68cbafc09b907359391dd766c
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral23
Sample
data/cowrie/downloads/dba1abed0c3a0e0e9ae8877d091c6e1ee90373a68cbafc09b907359391dd766c
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral24
Sample
data/cowrie/downloads/dba1abed0c3a0e0e9ae8877d091c6e1ee90373a68cbafc09b907359391dd766c
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral25
Sample
data/cowrie/downloads/fd5657061af78d879e64d780e5fada398258bc0f700068927e6e1fa992f58ae9
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral26
Sample
data/cowrie/downloads/fd5657061af78d879e64d780e5fada398258bc0f700068927e6e1fa992f58ae9
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral27
Sample
data/cowrie/downloads/fd5657061af78d879e64d780e5fada398258bc0f700068927e6e1fa992f58ae9
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral28
Sample
data/cowrie/downloads/fd5657061af78d879e64d780e5fada398258bc0f700068927e6e1fa992f58ae9
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral29
Sample
data/cowrie/downloads/ff6f81930943c96a37d7741cd547ad90295a9bd63b6194b2a834a1d32bc8f85d
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral30
Sample
data/cowrie/downloads/ff6f81930943c96a37d7741cd547ad90295a9bd63b6194b2a834a1d32bc8f85d
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral31
Sample
data/cowrie/downloads/ff6f81930943c96a37d7741cd547ad90295a9bd63b6194b2a834a1d32bc8f85d
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral32
Sample
data/cowrie/downloads/ff6f81930943c96a37d7741cd547ad90295a9bd63b6194b2a834a1d32bc8f85d
Resource
ubuntu1804-amd64-en-20211208
General
-
Target
data/cowrie/downloads/fd5657061af78d879e64d780e5fada398258bc0f700068927e6e1fa992f58ae9
-
Size
1KB
-
MD5
a629b120ac58761ba9dc17d98bdd7308
-
SHA1
717dc325ea7c8020904a8cb79dbe2672057884b5
-
SHA256
fd5657061af78d879e64d780e5fada398258bc0f700068927e6e1fa992f58ae9
-
SHA512
34be4ea3750a9255d2c4a471d2608824863af5b1f8d09d3d16c5c892c69229aed9523855f32c44fe4082ca276ec5cdf12631de54de0d7208a88f6dbe18774dc3
Malware Config
Signatures
-
Writes file to system bin folder 1 TTPs 1 IoCs
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Processes:
cp
description | ioc | process
/proc/filesystems | /proc/filesystems | cp
-
Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.
Processes:
fd5657061af78d879e64d780e5fada398258bc0f700068927e6e1fa992f58ae9, cp
description | ioc | process
/tmp/data/cowrie/downloads/fd5657061af78d879e64d780e5fada398258bc0f700068927e6e1fa992f58ae9 | /tmp/data/cowrie/downloads/fd5657061af78d879e64d780e5fada398258bc0f700068927e6e1fa992f58ae9 | fd5657061af78d879e64d780e5fada398258bc0f700068927e6e1fa992f58ae9
/tmp/busybox | /tmp/busybox | cp
Processes
-
/tmp/data/cowrie/downloads/fd5657061af78d879e64d780e5fada398258bc0f700068927e6e1fa992f58ae9  `/tmp/data/cowrie/downloads/fd5657061af78d879e64d780e5fada398258bc0f700068927e6e1fa992f58ae9`  1⤵
- Writes file to tmp directory
-
/bin/cp  `cp /bin/busybox /tmp/`  2⤵
- Writes file to system bin folder
- Reads runtime system information
- Writes file to tmp directory
-
/bin/cat  `cat phantom.x86`  2⤵
-
/bin/chmod  `chmod +x busybox data robben systemd-private-a274da174cb44ad4b78e55297a3aefdc-systemd-timesyncd.service-qJHWtF`  2⤵
-
./robben  `./robben Payload`  2⤵
-
/bin/cat  `cat phantom.mips`  2⤵
-
/bin/chmod  `chmod +x busybox data robben systemd-private-a274da174cb44ad4b78e55297a3aefdc-systemd-timesyncd.service-qJHWtF`  2⤵
-
./robben  `./robben Payload`  2⤵
-
/bin/cat  `cat phantom.mpsl`  2⤵
-
/bin/chmod  `chmod +x busybox data robben systemd-private-a274da174cb44ad4b78e55297a3aefdc-systemd-timesyncd.service-qJHWtF`  2⤵
-
./robben  `./robben Payload`  2⤵
-
/bin/cat  `cat phantom.arm4`  2⤵
-
/bin/chmod  `chmod +x busybox data robben systemd-private-a274da174cb44ad4b78e55297a3aefdc-systemd-timesyncd.service-qJHWtF`  2⤵
-
./robben  `./robben Payload`  2⤵
-
/bin/cat  `cat phantom.arm5`  2⤵
-
/bin/chmod  `chmod +x busybox data robben systemd-private-a274da174cb44ad4b78e55297a3aefdc-systemd-timesyncd.service-qJHWtF`  2⤵
-
./robben  `./robben Payload`  2⤵
-
/bin/cat  `cat phantom.arm6`  2⤵
-
/bin/chmod  `chmod +x busybox data robben systemd-private-a274da174cb44ad4b78e55297a3aefdc-systemd-timesyncd.service-qJHWtF`  2⤵
-
./robben  `./robben Payload`  2⤵
-
/bin/cat  `cat phantom.arm7`  2⤵
-
/bin/chmod  `chmod +x busybox data robben systemd-private-a274da174cb44ad4b78e55297a3aefdc-systemd-timesyncd.service-qJHWtF`  2⤵
-
./robben  `./robben Payload`  2⤵
-
/bin/cat  `cat phantom.ppc`  2⤵
-
/bin/chmod  `chmod +x busybox data robben systemd-private-a274da174cb44ad4b78e55297a3aefdc-systemd-timesyncd.service-qJHWtF`  2⤵
-
./robben  `./robben Payload`  2⤵
-
/bin/cat  `cat phantom.m68k`  2⤵
-
/bin/chmod  `chmod +x busybox data robben systemd-private-a274da174cb44ad4b78e55297a3aefdc-systemd-timesyncd.service-qJHWtF`  2⤵
-
./robben  `./robben Payload`  2⤵
-
/bin/cat  `cat phantom.sh4`  2⤵
-
/bin/chmod  `chmod +x busybox data robben systemd-private-a274da174cb44ad4b78e55297a3aefdc-systemd-timesyncd.service-qJHWtF`  2⤵
-
./robben  `./robben Payload`  2⤵
Note: each entry above is the process image path followed by its command line. The cat → chmod → ./robben sequence repeats once per architecture-suffixed file (x86, mips, mpsl, arm4, arm5, arm6, arm7, ppc, m68k, sh4). The chmod argument list looks like a shell-expanded wildcard over the working directory, which would explain why the sandbox's own systemd-private directory appears in it; this is inferred from the command lines, not stated by the report.