Analysis

  • max time kernel
    0s
  • max time network
    602s
  • platform
    linux_mips
  • resource
    debian9-mipsbe-en-20211208
  • resource tags

    arch:mips
    image:debian9-mipsbe-en-20211208
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    27-10-2022 05:21

General

  • Target

    09ab3031796bea1b8b79fcfd2b86dac8f38b1f95f0fce6bd2590361f6dcd6764_unpacked

  • Size

    18KB

  • MD5

    8cee2a187198648c199c1d135c918a3a

  • SHA1

    a9f39f3b832344a79d32d92ac56c50cdaff0b93c

  • SHA256

    09ab3031796bea1b8b79fcfd2b86dac8f38b1f95f0fce6bd2590361f6dcd6764

  • SHA512

    bb4a8c108c08b4da2ee36f8876c53c2ad28f793cc5ed9999eb81fcead95123adc13d6c718dc3c10e0be75c2b0760251d756a95c61341ff99a84be576d5d00374

  • SSDEEP

    384:S0DO7oJgfOzs0KoWI3xMrKPDWsqLb0Tx75nrzoAU1j:L6TOzs0KfoxBBVcJ

Score
5/10

Malware Config

Signatures

  • Reads runtime system information 35 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/09ab3031796bea1b8b79fcfd2b86dac8f38b1f95f0fce6bd2590361f6dcd6764_unpacked
    /tmp/09ab3031796bea1b8b79fcfd2b86dac8f38b1f95f0fce6bd2590361f6dcd6764_unpacked
    1⤵
    • Writes file to tmp directory
    PID:320
    • /bin/readlink
      readlink /share/Public
      2⤵
      PID:321
    • /bin/readlink
      readlink /share/Download
      2⤵
      PID:322
    • /bin/readlink
      readlink /share/Multimedia
      2⤵
      PID:323
    • /bin/readlink
      readlink /share/Web
      2⤵
      PID:324
    • /bin/readlink
      readlink /share/Recordings
      2⤵
      PID:325
    • /bin/readlink
      readlink /share/homes
      2⤵
      PID:327
    • /bin/grep
      grep -F
      2⤵
      PID:337
    • /bin/mkdir
      mkdir /mnt/HDA_ROOT/.qpkg
      2⤵
      • Reads runtime system information
      PID:338
    • /bin/mkdir
      mkdir /mnt/HDA_ROOT/.qpkg/.config
      2⤵
      • Reads runtime system information
      PID:339
    • /bin/mktemp
      mktemp ./.tmp.XXXXXX
      2⤵
      PID:340
  • /bin/mount
    mount
    1⤵
    • Reads runtime system information
    PID:334
  • /bin/sed
    sed -n "s/.*\\(\\/share\\/[^ /]\\+\\) .*/\\1/gp"
    1⤵
    • Reads runtime system information
    PID:335
  • /usr/bin/head
    head -n 1
    1⤵
    PID:336
  • /bin/date
    date "+%s"
    1⤵
    PID:344
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:346
  • /bin/date
    date "+%s"
    1⤵
    PID:351
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:352
  • /bin/date
    date "+%s"
    1⤵
    PID:356
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:358
  • /bin/date
    date "+%s"
    1⤵
    PID:363
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:364
  • /bin/date
    date "+%s"
    1⤵
    PID:368
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:370
  • /bin/date
    date "+%s"
    1⤵
    PID:374
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:376
  • /bin/date
    date "+%s"
    1⤵
    PID:381
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:382
  • /bin/date
    date "+%s"
    1⤵
    PID:387
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:388
  • /bin/date
    date "+%s"
    1⤵
    PID:392
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:394
  • /bin/date
    date "+%s"
    1⤵
    PID:398
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:400
  • /bin/date
    date "+%s"
    1⤵
    PID:405
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:406
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:412
  • /bin/date
    date "+%s"
    1⤵
    PID:410
  • /bin/date
    date "+%s"
    1⤵
    PID:416
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:418
  • /bin/date
    date "+%s"
    1⤵
    PID:422
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:424
  • /bin/date
    date "+%s"
    1⤵
    PID:429
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:430
  • /bin/date
    date "+%s"
    1⤵
    PID:434
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:436
  • /bin/date
    date "+%s"
    1⤵
    PID:441
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:442
  • /bin/date
    date "+%s"
    1⤵
    PID:447
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:448
  • /bin/date
    date "+%s"
    1⤵
    PID:452
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:454
  • /bin/date
    date "+%s"
    1⤵
    PID:459
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:460
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:466
  • /bin/date
    date "+%s"
    1⤵
    PID:465
  • /bin/date
    date "+%s"
    1⤵
    PID:470
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:472
  • /bin/date
    date "+%s"
    1⤵
    PID:476
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:478
  • /bin/date
    date "+%s"
    1⤵
    PID:482
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:484
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:490
  • /bin/date
    date "+%s"
    1⤵
    PID:489
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:496
  • /bin/date
    date "+%s"
    1⤵
    PID:494
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:502
  • /bin/date
    date "+%s"
    1⤵
    PID:500
  • /bin/date
    date "+%s"
    1⤵
    PID:507
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:508
  • /bin/date
    date "+%s"
    1⤵
    PID:513
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:514
  • /bin/date
    date "+%s"
    1⤵
    PID:518
  • /bin/sed
    sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
    1⤵
    • Reads runtime system information
    PID:520

Network

MITRE ATT&CK Matrix