Overview

overview

5

Static

static

9536a1518f...05b5d8

ubuntu-18.04-amd64

5

9536a1518f...05b5d8

debian-9-armhf

5

9536a1518f...05b5d8

debian-9-mips

5

9536a1518f...05b5d8

debian-9-mipsel

5

Analysis

  • max time kernel
    0s
  • max time network
    123s
  • platform
    linux_mips
  • resource
    debian9-mipsbe-en-20211208
  • resource tags

    arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    26-11-2022 16:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9536a1518fd4fc81c51ce508f99637e1b3f5756e36896f19ad78b21d0005b5d8

  • Size

    753B

  • MD5

    8bf07c56cdca230ea451333790002498

  • SHA1

    1e6470a691ff425e9b313df92d50ee531a57e037

  • SHA256

    9536a1518fd4fc81c51ce508f99637e1b3f5756e36896f19ad78b21d0005b5d8

  • SHA512

    7f513c376376f86cdd63b10735da1a6f1587aa5a4d51321a8bdd71e21e05541d109649f0eaa18c8591653642d582cc08878d72f1c71c42eab7ed472b8c20d62c

Score
5/10

Malware Config

Signatures

  • Writes file to tmp directory 18 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/9536a1518fd4fc81c51ce508f99637e1b3f5756e36896f19ad78b21d0005b5d8
    /tmp/9536a1518fd4fc81c51ce508f99637e1b3f5756e36896f19ad78b21d0005b5d8
    1⤵
    • Writes file to tmp directory
    PID:324
    • /bin/cat
      cat
      2⤵
        PID:325
      • /usr/bin/gcc
        gcc -w -fPIC -shared -o /tmp/libxpl.so /tmp/libxpl.c
        2⤵
        • Writes file to tmp directory
        PID:326
        • /usr/lib/gcc/mips-linux-gnu/6/cc1
          /usr/lib/gcc/mips-linux-gnu/6/cc1 -quiet -imultiarch mips-linux-gnu /tmp/libxpl.c -meb -quiet -dumpbase libxpl.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mips32r2 "-mabi=32" -auxbase libxpl -w -fPIC -o /tmp/ccBQy9Oy.s
          3⤵
          • Writes file to tmp directory
          PID:327
        • /usr/bin/as
          as -W -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccsRUl6y.o /tmp/ccBQy9Oy.s
          3⤵
          • Writes file to tmp directory
          PID:332
        • /usr/lib/gcc/mips-linux-gnu/6/collect2
          /usr/lib/gcc/mips-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccP0cOBS.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -shared -melf32btsmip -o /tmp/libxpl.so /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/ccsRUl6y.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o
          3⤵
          • Writes file to tmp directory
          PID:333
          • /usr/bin/ld
            /usr/bin/ld -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccP0cOBS.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -shared -melf32btsmip -o /tmp/libxpl.so /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/ccsRUl6y.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o
            4⤵
            • Writes file to tmp directory
            PID:334
      • /bin/ping
        ping
        2⤵
          PID:335
        • /bin/cat
          cat /tmp/libxpl.so
          2⤵
          • Writes file to tmp directory
          PID:336
        • /bin/rm
          rm -rf /tmp/libxpl.c /tmp/libxpl.so
          2⤵
          • Writes file to tmp directory
          PID:337
        • /bin/ping
          ping
          2⤵
            PID:338
          • /bin/sh
            /bin/sh -i
            2⤵
              PID:338
          • /usr/local/sbin/as
            as -W -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccsRUl6y.o /tmp/ccBQy9Oy.s
            1⤵
              PID:332
            • /usr/local/bin/as
              as -W -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccsRUl6y.o /tmp/ccBQy9Oy.s
              1⤵
                PID:332
              • /usr/sbin/as
                as -W -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccsRUl6y.o /tmp/ccBQy9Oy.s
                1⤵
                  PID:332

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads