c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3

Analysis

max time kernel
0s
max time network
157s
platform
debian-9_mips
resource
debian9-mipsbe-20221111-en
resource tags

arch:mipsimage:debian9-mipsbe-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
28-11-2022 11:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3
Size

4KB
MD5

fc457f091269f8303f5499043a655c24
SHA1

cb8be781eb141222fe1f617911b6e89f40ecab06
SHA256

c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3
SHA512

770bce5e962feaede5800aa27e3dad89ee364eccb5aa4f01ad2c8bec6fcc32a27b16ea4833911b768c24d939fdb4fac7cb8af4dd7b204e975fafa2d427d5b092
SSDEEP

96:Fymtc3nmUyp8zW9wnqoZpIS2baUrKhI/uVcTR6bEkIev45CC5MDmNA36Rnw9Wz8Z:S35eNbWf

Score

6^/10

Malware Config

Signatures

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

uptime

description ioc process

/sys/devices/system/cpu/online /sys/devices/system/cpu/online uptime

description	ioc	process
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	uptime

Reads runtime system information 7 IoCs

Reads data from /proc virtual filesystem.

Processes:

uptimeiddf

description	ioc	process
/proc/sys/kernel/osrelease	/proc/sys/kernel/osrelease	uptime
/proc/uptime	/proc/uptime	uptime
/proc/loadavg	/proc/loadavg	uptime
/proc/filesystems	/proc/filesystems	id
/proc/sys/kernel/ngroups_max	/proc/sys/kernel/ngroups_max	id
/proc/self/mountinfo	/proc/self/mountinfo	df
/proc/filesystems	/proc/filesystems	uptime

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

Processes:

c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3

description	ioc	process
/tmp/c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3	/tmp/c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3	c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3

/tmp/c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3
/tmp/c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3
1⤵
- Writes file to tmp directory
PID:322

/sbin/ifconfig
/sbin/ifconfig -a
2⤵
PID:328

/usr/bin/uptime
uptime
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:329

/bin/uname
uname -a
2⤵
PID:330

/bin/cat
cat /etc/issue
2⤵
PID:331

/bin/cat
cat /etc/passwd
2⤵
PID:332

/usr/bin/id
id
2⤵
- Reads runtime system information
PID:333

/bin/df
df -h
2⤵
- Reads runtime system information
PID:334

/bin/cat
cat info2
2⤵
PID:335

/bin/rm
rm -rf info2
2⤵
PID:337

/usr/bin/clear
clear
2⤵
PID:338

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads