Analysis

  • max time kernel
    30296s
  • max time network
    153s
  • platform
    linux_mipsel
  • resource
    debian9-mipsel-en-20211208
  • resource tags

    arch:mipsel
    image:debian9-mipsel-en-20211208
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mipsel
    system
  • submitted
    24-11-2022 04:53

General

  • Target

    d1c1704f476afc77d1d42206fa037f81a608a8439bcb44d8e79d465bbb7370c4

  • Size

    37KB

  • MD5

    4de3c6792f7644313046cc6aeeb87501

  • SHA1

    c4778fc6a865c96eafd897793dc6d2b52314e071

  • SHA256

    d1c1704f476afc77d1d42206fa037f81a608a8439bcb44d8e79d465bbb7370c4

  • SHA512

    4a16b9af405b36d0e09f1f061aceea5ea99b8ddbd374adbab27260d89c740f86144d6d6159bc0e70af5cb3c9938835c142a98d0b5e4380b0b354d75e10c782f9

  • SSDEEP

    384:E4NqqoC/XJIEe4Xz2Ye6/mBP0es4zFftyLjXJaujtBBifvzM5re2Mb:nNIEe4Xz2YeGmBPP1fKLNOgI

Score
8/10

Malware Config

Signatures

  • Modifies hosts file 1 IoCs

    Adds to hosts file used for mapping hosts to IP addresses.

  • Writes DNS configuration 1 TTPs 1 IoCs

    Writes data to DNS resolver config file.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/d1c1704f476afc77d1d42206fa037f81a608a8439bcb44d8e79d465bbb7370c4
    /tmp/d1c1704f476afc77d1d42206fa037f81a608a8439bcb44d8e79d465bbb7370c4
    1⤵
    • Writes file to tmp directory
    PID:322
    • /usr/local/sbin/uname
      uname -sr
      2⤵
      PID:323
    • /usr/local/bin/uname
      uname -sr
      2⤵
      PID:323
    • /usr/sbin/uname
      uname -sr
      2⤵
      PID:323
    • /usr/bin/uname
      uname -sr
      2⤵
      PID:323
    • /sbin/uname
      uname -sr
      2⤵
      PID:323
    • /bin/uname
      uname -sr
      2⤵
      PID:323

Network

MITRE ATT&CK Enterprise v6