Analysis
- max time kernel: 0s
- max time network: 125s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20221111-en
- resource tags: arch:mipsel, image:debian9-mipsel-20221111-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 25-11-2022 19:35
Static task
static1
Behavioral task
behavioral1
Sample
e7b2cbb2655015c820788ab7d9c33981baebb7fe485449d00a0c1c2b4275f076
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral2
Sample
e7b2cbb2655015c820788ab7d9c33981baebb7fe485449d00a0c1c2b4275f076
Resource
debian9-armhf-20221111-en
Behavioral task
behavioral3
Sample
e7b2cbb2655015c820788ab7d9c33981baebb7fe485449d00a0c1c2b4275f076
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral4
Sample
e7b2cbb2655015c820788ab7d9c33981baebb7fe485449d00a0c1c2b4275f076
Resource
debian9-mipsel-20221111-en
General
- Target: e7b2cbb2655015c820788ab7d9c33981baebb7fe485449d00a0c1c2b4275f076
- Size: 12KB
- MD5: e4b9f042966fd379fdf21fc9d19a1f7d
- SHA1: 01854777b0fad562f4bda7e718ffef94eb89c4ba
- SHA256: e7b2cbb2655015c820788ab7d9c33981baebb7fe485449d00a0c1c2b4275f076
- SHA512: 915e72aaa7a21d0860e8238de54dc8845df6a625d7f8eee5f12b597b78862ee21fe12049926f92368c96d44eec7a0f704045534e0f26a241c2ec980c933075ec
- SSDEEP: 192:KYRYnS0eRYDIgPRCOcLBW8JhBYZM3Ce2pVLuz81CqrXFLnOFGxAJzV:E1cNNyl1DVaoY
Malware Config
Signatures
- Writes file to tmp directory (1 IoCs)
  Malware often drops required files in the /tmp directory.
  Processes:
  e7b2cbb2655015c820788ab7d9c33981baebb7fe485449d00a0c1c2b4275f076
  description ioc process
  /tmp/e7b2cbb2655015c820788ab7d9c33981baebb7fe485449d00a0c1c2b4275f076 /tmp/e7b2cbb2655015c820788ab7d9c33981baebb7fe485449d00a0c1c2b4275f076 e7b2cbb2655015c820788ab7d9c33981baebb7fe485449d00a0c1c2b4275f076
Processes
- /tmp/e7b2cbb2655015c820788ab7d9c33981baebb7fe485449d00a0c1c2b4275f076 (command line: /tmp/e7b2cbb2655015c820788ab7d9c33981baebb7fe485449d00a0c1c2b4275f076), PID:322
  - Writes file to tmp directory
  - /bin/chmod (command line: chmod +x ./e7b2cbb2655015c820788ab7d9c33981baebb7fe485449d00a0c1c2b4275f076 ./systemd-private-7242184aaedc474e921c763547f7932d-systemd-timesyncd.service-YrwuUY), PID:324