Analysis
-
max time kernel
0s -
max time network
120s -
platform
linux_mips -
resource
debian9-mipsbe-en-20211208 -
resource tags
-
submitted
25-11-2022 19:35
General
-
Target
6637f76dce8486449059e817169f96e81992bd88ef686e094154036754d9556e
-
Size
1KB
-
MD5
6acfc27bf16bf39d7cd6618fc2b57137
-
SHA1
3a3759c509e8ca578c504f162d2e1ee336193f3c
-
SHA256
6637f76dce8486449059e817169f96e81992bd88ef686e094154036754d9556e
-
SHA512
4d4ce060047d41364fd0a7a4c6e615af6657c46347abafe6e93bf8363dfa2648185c229699525397938c77ca4b802893cbffe39b572f534ddb5f7b9402f34bda
Score
7/10
Malware Config
Signatures
-
Modifies rc script 1 TTPs 1 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
-
Reads CPU attributes 1 TTPs 2 IoCs
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/6637f76dce8486449059e817169f96e81992bd88ef686e094154036754d9556e/tmp/6637f76dce8486449059e817169f96e81992bd88ef686e094154036754d9556e1⤵
- Writes file to tmp directory
-
/bin/cpcp -f /tmp/combinebmp.sh /apps/bzw/bin/kit/2⤵
-
/bin/rmrm -rf /apps/www/htdocs/nm/xDown.sh2⤵
-
/bin/rmrm -rf /apps/www/htdocs/nm/xDown_mon.sh2⤵
-
/bin/mkdirmkdir -p /apps/www/htdocs/nm2⤵
-
/bin/cpcp -f /tmp/xDown.sh /apps/www/htdocs/nm2⤵
-
/bin/cpcp -f /tmp/xDown_mon.sh /apps/www/htdocs/nm2⤵
-
/bin/chmodchmod +x /apps/www/htdocs/nm/xDown.sh2⤵
-
/bin/chmodchmod +x /apps/www/htdocs/nm/xDown_mon.sh2⤵
-
/bin/grepgrep -c /apps/www/htdocs/nm/xDown_mon.sh /etc/rc.local2⤵
- Modifies rc script
-
/apps/www/htdocs/nm/xDown_mon.sh/apps/www/htdocs/nm/xDown_mon.sh2⤵
-
/bin/psps aux1⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/grepgrep xDown_mon.sh1⤵
-
/bin/grepgrep -v grep1⤵
-
/usr/bin/awkawk "{print \$2}"1⤵
-
/bin/psps aux1⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/grepgrep xDown.sh1⤵
-
/bin/grepgrep -v grep1⤵
-
/usr/bin/awkawk "{print \$2}"1⤵