Analysis

  • max time kernel
    30452s
  • max time network
    121s
  • platform
    linux_mipsel
  • resource
    debian9-mipsel-en-20211208
  • resource tags

    arch:mipsel
    image:debian9-mipsel-en-20211208
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mipsel
    system
  • submitted
    25-11-2022 19:35

General

  • Target

    cf79606eae2e092774cd526aab8792b57ad36b6ab85cd7522cf04f57289b8dea

  • Size

    1KB

  • MD5

    3b2586fd81c0ca699acfa342ca7e248f

  • SHA1

    25d0f7abafe4e229c1aeaed0137988628263f63d

  • SHA256

    cf79606eae2e092774cd526aab8792b57ad36b6ab85cd7522cf04f57289b8dea

  • SHA512

    eb969364b7b884a2038180d2b6511db1eca0abff69147f63750347d3b9dc0ec37689939927f398e86acdb74e630fe7a071462e739cc502d8e26b2b3f3c37086d

Score
6/10

Malware Config

Signatures

  • Reads CPU attributes (1 TTP, 3 IoCs)
  • Reads runtime system information (64 IoCs)

    Reads data from /proc virtual filesystem. In this run both signatures are attached to the `ps wuxm` processes spawned by the sample (see Processes), which read /proc as part of normal operation, rather than to the sample reading /proc itself.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/cf79606eae2e092774cd526aab8792b57ad36b6ab85cd7522cf04f57289b8dea
    /tmp/cf79606eae2e092774cd526aab8792b57ad36b6ab85cd7522cf04f57289b8dea
    1⤵
    • Writes file to tmp directory
    PID:328
    • /bin/date
      date
      2⤵
      PID:330
    • /usr/bin/expr
      expr 0
      2⤵
      PID:340
    • /usr/bin/killall
      /usr/bin/killall -9 xDown.sh
      2⤵
      PID:341
    • /apps/www/htdocs/nm/xDown.sh
      /apps/www/htdocs/nm/xDown.sh
      2⤵
      PID:342
    • /bin/sleep
      sleep 60
      2⤵
      PID:343
    • /bin/date
      date
      2⤵
      PID:344
    • /usr/bin/expr
      expr 0
      2⤵
      PID:351
    • /usr/bin/killall
      /usr/bin/killall -9 xDown.sh
      2⤵
      PID:352
    • /apps/www/htdocs/nm/xDown.sh
      /apps/www/htdocs/nm/xDown.sh
      2⤵
      PID:353
    • /bin/sleep
      sleep 60
      2⤵
      PID:354
    • /bin/date
      date
      2⤵
      PID:381
    • /usr/bin/expr
      expr 0
      2⤵
      PID:388
    • /usr/bin/killall
      /usr/bin/killall -9 xDown.sh
      2⤵
      PID:389
    • /apps/www/htdocs/nm/xDown.sh
      /apps/www/htdocs/nm/xDown.sh
      2⤵
      PID:390
  • /bin/ps
    ps wuxm
    1⤵
    • Reads CPU attributes
    • Reads runtime system information
    PID:335
  • /bin/grep
    grep -v grep
    1⤵
    PID:337
  • /bin/grep
    grep xDown.sh
    1⤵
    PID:336
  • /bin/grep
    grep -v defunct
    1⤵
    PID:338
  • /usr/bin/wc
    wc -l
    1⤵
    PID:339
  • /bin/ps
    ps wuxm
    1⤵
    • Reads CPU attributes
    • Reads runtime system information
    PID:346
  • /bin/grep
    grep xDown.sh
    1⤵
    PID:347
  • /bin/grep
    grep -v defunct
    1⤵
    PID:349
  • /bin/grep
    grep -v grep
    1⤵
    PID:348
  • /usr/bin/wc
    wc -l
    1⤵
    PID:350
  • /bin/ps
    ps wuxm
    1⤵
    • Reads CPU attributes
    • Reads runtime system information
    PID:383
  • /bin/grep
    grep -v grep
    1⤵
    PID:385
  • /bin/grep
    grep xDown.sh
    1⤵
    PID:384
  • /bin/grep
    grep -v defunct
    1⤵
    PID:386
  • /usr/bin/wc
    wc -l
    1⤵
    PID:387
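The process list above shows a fixed cycle: count running copies of xDown.sh with a `ps wuxm | grep xDown.sh | grep -v grep | grep -v defunct | wc -l` pipeline, `killall -9` it, re-run `/apps/www/htdocs/nm/xDown.sh`, sleep 60, repeat. The following is an added example, not part of the report or of the sample: a small Python check that pulls that kill-and-respawn pattern and the liveness probe out of process records like these. The `PROCESSES` table is constructed here from the report's tree (depth, command line, PID); the field layout and the function names `watchdog_cycles` and `liveness_probes` are this example's own, not the sandbox's API.

```python
"""Flag a kill-and-respawn watchdog loop in a sandbox process list.

Added example (not the report's or the sample's code). Records are
constructed from the process tree above as (depth, cmdline, pid); the
layout and the function names are assumptions of this example.
"""
import re
from collections import defaultdict

# Constructed from the report's process tree (depth 1 = top level,
# depth 2 = child of the sample's main process).
PROCESSES = [
    (1, "/tmp/cf79606eae2e092774cd526aab8792b57ad36b6ab85cd7522cf04f57289b8dea", 328),
    (2, "date", 330),
    (2, "expr 0", 340),
    (2, "/usr/bin/killall -9 xDown.sh", 341),
    (2, "/apps/www/htdocs/nm/xDown.sh", 342),
    (2, "sleep 60", 343),
    (2, "date", 344),
    (2, "expr 0", 351),
    (2, "/usr/bin/killall -9 xDown.sh", 352),
    (2, "/apps/www/htdocs/nm/xDown.sh", 353),
    (2, "sleep 60", 354),
    (2, "date", 381),
    (2, "expr 0", 388),
    (2, "/usr/bin/killall -9 xDown.sh", 389),
    (2, "/apps/www/htdocs/nm/xDown.sh", 390),
    (1, "ps wuxm", 335),
    (1, "grep -v grep", 337),
    (1, "grep xDown.sh", 336),
    (1, "grep -v defunct", 338),
    (1, "wc -l", 339),
    (1, "ps wuxm", 346),
    (1, "grep xDown.sh", 347),
    (1, "grep -v defunct", 349),
    (1, "grep -v grep", 348),
    (1, "wc -l", 350),
    (1, "ps wuxm", 383),
    (1, "grep -v grep", 385),
    (1, "grep xDown.sh", 384),
    (1, "grep -v defunct", 386),
    (1, "wc -l", 387),
]

# Matches "killall [options...] NAME" whether or not killall is given by path.
KILLALL = re.compile(r"(?:^|/)killall\s+(?:-\S+\s+)*(\S+)$")


def _basename(cmdline):
    """Program name of a command line without its directory part."""
    return cmdline.split()[0].rsplit("/", 1)[-1]


def watchdog_cycles(processes, depth=2):
    """Return [(name, exec_count, kill_count, sleep_seconds), ...] for every
    program that is both killed with killall and executed among the children
    at the given depth. sleep_seconds is the longest sleep seen there (0 if none)."""
    children = [cmd for d, cmd, _ in processes if d == depth]
    kills, execs, sleeps = defaultdict(int), defaultdict(int), []
    for cmd in children:
        m = KILLALL.search(cmd)
        if m:
            kills[m.group(1)] += 1
        elif cmd.startswith("sleep "):
            sleeps.append(int(cmd.split()[1]))
        else:
            execs[_basename(cmd)] += 1
    interval = max(sleeps) if sleeps else 0
    return sorted((name, execs[name], n, interval)
                  for name, n in kills.items() if execs[name])


def liveness_probes(processes, depth=1):
    """Return {name: probe_count} for names the loop counts with a
    `ps ... | grep NAME | ... | wc -l` pipeline; here the pipeline members
    appear as separate depth-1 processes. Empty if no ps/wc pair is present."""
    cmds = [cmd for d, cmd, _ in processes if d == depth]
    if not (any(_basename(c) == "ps" for c in cmds) and any(_basename(c) == "wc" for c in cmds)):
        return {}
    names = defaultdict(int)
    for cmd in cmds:
        parts = cmd.split()
        # "grep NAME" is the probe; "grep -v ..." are the filters around it.
        if _basename(cmd) == "grep" and len(parts) == 2 and not parts[1].startswith("-"):
            names[parts[1]] += 1
    return dict(names)


if __name__ == "__main__":
    for name, execs, kills, interval in watchdog_cycles(PROCESSES):
        print(f"{name}: killed {kills}x, re-executed {execs}x, every {interval}s")
    print("liveness probes:", liveness_probes(PROCESSES))
```

Run against the constructed table it reports xDown.sh killed and re-executed three times on a 60-second interval, with three matching probe pipelines, which is exactly the behaviour visible in the three cycles the 30452-second kernel run captured. The `expr 0` calls are kept in the table but not interpreted: the report only shows that `expr` received the literal argument `0`, so what the script does with the count is not recoverable from this page.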

Network

MITRE ATT&CK Enterprise v6

Downloads