Analysis
max time kernel: 0s
max time network: 157s
platform: debian-9_mips
resource: debian9-mipsbe-20221111-en
resource tags: arch:mips, image:debian9-mipsbe-20221111-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 28-11-2022 11:35
Static task: static1
Behavioral task: behavioral1
  Sample: c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3
  Resource: ubuntu1804-amd64-20221111-en
Behavioral task: behavioral2
  Sample: c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3
  Resource: debian9-armhf-en-20211208
Behavioral task: behavioral3
  Sample: c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3
  Resource: debian9-mipsbe-20221111-en
Behavioral task: behavioral4
  Sample: c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3
  Resource: debian9-mipsel-en-20211208
General
Target: c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3
Size: 4KB
MD5: fc457f091269f8303f5499043a655c24
SHA1: cb8be781eb141222fe1f617911b6e89f40ecab06
SHA256: c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3
SHA512: 770bce5e962feaede5800aa27e3dad89ee364eccb5aa4f01ad2c8bec6fcc32a27b16ea4833911b768c24d939fdb4fac7cb8af4dd7b204e975fafa2d427d5b092
SSDEEP: 96:Fymtc3nmUyp8zW9wnqoZpIS2baUrKhI/uVcTR6bEkIev45CC5MDmNA36Rnw9Wz8Z:S35eNbWf
Malware Config
Signatures
Reads CPU attributes (1 TTPs, 1 IoCs)
Processes: uptime
  description                     | ioc                             | process
  /sys/devices/system/cpu/online  | /sys/devices/system/cpu/online  | uptime
Reads runtime system information (7 IoCs)
Reads data from /proc virtual filesystem.
Processes: uptime, id, df
  description                    | ioc                            | process
  /proc/sys/kernel/osrelease     | /proc/sys/kernel/osrelease     | uptime
  /proc/uptime                   | /proc/uptime                   | uptime
  /proc/loadavg                  | /proc/loadavg                  | uptime
  /proc/filesystems              | /proc/filesystems              | id
  /proc/sys/kernel/ngroups_max   | /proc/sys/kernel/ngroups_max   | id
  /proc/self/mountinfo           | /proc/self/mountinfo           | df
  /proc/filesystems              | /proc/filesystems              | uptime
Writes file to tmp directory (1 IoCs)
Malware often drops required files in the /tmp directory.
Processes: c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3
  description | ioc | process
  /tmp/c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3 | /tmp/c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3 | c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3
Processes
(path, command line; children are indented under their parent)
/tmp/c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3  /tmp/c574d640d3e80fdc76992c4b872b7a3768a7dc54213cf49c0cc6b6c47608cfc3
  - Writes file to tmp directory
  /sbin/ifconfig  ifconfig -a
  /usr/bin/uptime  uptime
    - Reads CPU attributes
    - Reads runtime system information
  /bin/uname  uname -a
  /bin/cat  cat /etc/issue
  /bin/cat  cat /etc/passwd
  /usr/bin/id  id
    - Reads runtime system information
  /bin/df  df -h
    - Reads runtime system information
  /bin/cat  cat info2
  /bin/rm  rm -rf info2
  /usr/bin/clear  clear