fac37c893ca025ceadfade88af1fbc68826de71488be75f703af5a43eea4ef46

Analysis

max time kernel
0s
max time network
125s
platform
debian-9_mips
resource
debian9-mipsbe-20221111-en
resource tags

arch:mipsimage:debian9-mipsbe-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
24/11/2022, 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fac37c893ca025ceadfade88af1fbc68826de71488be75f703af5a43eea4ef46
Size

280B
MD5

ffbe082703fd28730ccf804c76e7e04c
SHA1

14d68ce4221d8ad00d5f351ded4b66a331b92ced
SHA256

fac37c893ca025ceadfade88af1fbc68826de71488be75f703af5a43eea4ef46
SHA512

e350aa02c42514216d5e1bf5684c15379d6cdc64861e931373fd6a204058a89f61758e661e107900e4697fda24a23a011b6ecb166d754c3ebcdad2b9e3369f47

Score

5^/10

Malware Config

Signatures

Reads runtime system information 3 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/filesystems	/proc/filesystems	mkdir
/proc/filesystems	/proc/filesystems	3
/proc/self/mountinfo	/proc/self/mountinfo	3

Writes file to tmp directory 16 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/x	/tmp/x	rm
/tmp/ccCQ0AJ3.le	/tmp/ccCQ0AJ3.le	collect2
/tmp/ccccQ2sD.c	/tmp/ccccQ2sD.c	collect2
/tmp/cc2pRhU6.o	/tmp/cc2pRhU6.o	collect2
/tmp/cc6QBskA.ld	/tmp/cc6QBskA.ld	collect2
/tmp/fac37c893ca025ceadfade88af1fbc68826de71488be75f703af5a43eea4ef46	/tmp/fac37c893ca025ceadfade88af1fbc68826de71488be75f703af5a43eea4ef46	fac37c893ca025ceadfade88af1fbc68826de71488be75f703af5a43eea4ef46
/tmp/ccDX7mBQ.o	/tmp/ccDX7mBQ.o	gcc
/tmp/ccWkodQB.s	/tmp/ccWkodQB.s	as
/tmp/cc2waJIh.res	/tmp/cc2waJIh.res	gcc
/tmp/x	/tmp/x	ld
/tmp/x	/tmp/x	rm
/tmp/ccWkodQB.s	/tmp/ccWkodQB.s	gcc
/tmp/ccWkodQB.s	/tmp/ccWkodQB.s	cc1
/tmp/ccDX7mBQ.o	/tmp/ccDX7mBQ.o	as
/tmp/x/t	/tmp/x/t	fac37c893ca025ceadfade88af1fbc68826de71488be75f703af5a43eea4ef46
/tmp/ccDX7mBQ.o	/tmp/ccDX7mBQ.o	ld

/tmp/fac37c893ca025ceadfade88af1fbc68826de71488be75f703af5a43eea4ef46
/tmp/fac37c893ca025ceadfade88af1fbc68826de71488be75f703af5a43eea4ef46
1⤵
- Writes file to tmp directory
PID:333
- /bin/rm
  rm -rf /tmp/x
  2⤵
  - Writes file to tmp directory
  PID:334
- /bin/mkdir
  mkdir /tmp/x
  2⤵
  - Reads runtime system information
  PID:335
- /bin/ln
  ln /bin/mount /tmp/x/t
  2⤵
  PID:337
- /bin/cat
  cat
  2⤵
  PID:341
- /bin/rm
  rm -rf /tmp/x
  2⤵
  - Writes file to tmp directory
  PID:342
- /usr/bin/gcc
  gcc -w -fPIC -shared -o /tmp/x pl.c
  2⤵
  - Writes file to tmp directory
  PID:343
- - /usr/lib/gcc/mips-linux-gnu/6/cc1
    /usr/lib/gcc/mips-linux-gnu/6/cc1 -quiet -imultiarch mips-linux-gnu pl.c -meb -quiet -dumpbase pl.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mips32r2 "-mabi=32" -auxbase pl -w -fPIC -o /tmp/ccWkodQB.s
    3⤵
    - Writes file to tmp directory
    PID:344
- - /usr/bin/as
    as -W -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccDX7mBQ.o /tmp/ccWkodQB.s
    3⤵
    - Writes file to tmp directory
    PID:345
- - /usr/lib/gcc/mips-linux-gnu/6/collect2
    /usr/lib/gcc/mips-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cc2waJIh.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -shared -melf32btsmip -o /tmp/x /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/ccDX7mBQ.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o
    3⤵
    - Writes file to tmp directory
    PID:346
  - - /usr/bin/ld
      /usr/bin/ld -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cc2waJIh.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -shared -melf32btsmip -o /tmp/x /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/ccDX7mBQ.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o
      4⤵
      Writes file to tmp directory
      PID:347

/usr/local/sbin/as
as -W -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccDX7mBQ.o /tmp/ccWkodQB.s
1⤵
PID:345

/usr/local/bin/as
as -W -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccDX7mBQ.o /tmp/ccWkodQB.s
1⤵
PID:345

/usr/sbin/as
as -W -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccDX7mBQ.o /tmp/ccWkodQB.s
1⤵
PID:345

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads