03f4651e0d7d8a961954767c75f0ffd6fc84c4112c031ae21df554e4cb4687b6

Analysis

max time kernel
3529s
max time network
151s
platform
debian-9_mips
resource
debian9-mipsbe-20221111-en
resource tags

arch:mipsimage:debian9-mipsbe-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
22-12-2022 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7ddbe460d5576610c19bc1894226cca.elf
Size

82KB
MD5

c7ddbe460d5576610c19bc1894226cca
SHA1

adb9594db7e6943e28505493671f2fdeb18aeda6
SHA256

03f4651e0d7d8a961954767c75f0ffd6fc84c4112c031ae21df554e4cb4687b6
SHA512

963d481f517bbac07ec207a81a76176db46cf0f19ed2a8354bd2adf479ad5f0cdfc126ba6a042cd35ae9a9e296e20e028031e47b0d8dd3e7b617100a4453b65e
SSDEEP

768:2ty6IP7M/kq0INRhfuN2Eo9tl/de2YIwHKRH0I84EH6UTY7ZDYovZ73x/nL8y8Qo:Rakdn2Eo3ePu5GTYRYo99Be037W5/

Score

9^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/250/cmdline	/proc/250/cmdline	Process not Found
/proc/328/cmdline	/proc/328/cmdline	Process not Found
/proc/1/cmdline	/proc/1/cmdline	Process not Found
/proc/23/cmdline	/proc/23/cmdline	Process not Found
/proc/75/cmdline	/proc/75/cmdline	Process not Found
/proc/230/cmdline	/proc/230/cmdline	Process not Found
/proc/37/cmdline	/proc/37/cmdline	Process not Found
/proc/3/cmdline	/proc/3/cmdline	Process not Found
/proc/4/cmdline	/proc/4/cmdline	Process not Found
/proc/5/cmdline	/proc/5/cmdline	Process not Found
/proc/16/cmdline	/proc/16/cmdline	Process not Found
/proc/76/cmdline	/proc/76/cmdline	Process not Found
/proc/78/cmdline	/proc/78/cmdline	Process not Found
/proc/254/cmdline	/proc/254/cmdline	Process not Found
/proc/286/cmdline	/proc/286/cmdline	Process not Found
/proc/74/cmdline	/proc/74/cmdline	Process not Found
/proc/115/cmdline	/proc/115/cmdline	Process not Found
/proc/8/cmdline	/proc/8/cmdline	Process not Found
/proc/70/cmdline	/proc/70/cmdline	Process not Found
/proc/71/cmdline	/proc/71/cmdline	Process not Found
/proc/73/cmdline	/proc/73/cmdline	Process not Found
/proc/218/cmdline	/proc/218/cmdline	Process not Found
/proc/255/cmdline	/proc/255/cmdline	Process not Found
/proc/278/cmdline	/proc/278/cmdline	Process not Found
/proc/338/cmdline	/proc/338/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mkdir
/proc/	/proc/	Process not Found
/proc/10/cmdline	/proc/10/cmdline	Process not Found
/proc/116/cmdline	/proc/116/cmdline	Process not Found
/proc/411/cmdline	/proc/411/cmdline	Process not Found
/proc/11/cmdline	/proc/11/cmdline	Process not Found
/proc/19/cmdline	/proc/19/cmdline	Process not Found
/proc/204/cmdline	/proc/204/cmdline	Process not Found
/proc/339/cmdline	/proc/339/cmdline	Process not Found
/proc/251/cmdline	/proc/251/cmdline	Process not Found
/proc/399/cmdline	/proc/399/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mv
/proc/72/cmdline	/proc/72/cmdline	Process not Found
/proc/145/cmdline	/proc/145/cmdline	Process not Found
/proc/231/cmdline	/proc/231/cmdline	Process not Found
/proc/9/cmdline	/proc/9/cmdline	Process not Found
/proc/36/cmdline	/proc/36/cmdline	Process not Found
/proc/142/cmdline	/proc/142/cmdline	Process not Found
/proc/17/cmdline	/proc/17/cmdline	Process not Found
/proc/21/cmdline	/proc/21/cmdline	Process not Found
/proc/344/cmdline	/proc/344/cmdline	Process not Found
/proc/403/cmdline	/proc/403/cmdline	Process not Found
/proc/274/cmdline	/proc/274/cmdline	Process not Found
/proc/287/cmdline	/proc/287/cmdline	Process not Found
/proc/2/cmdline	/proc/2/cmdline	Process not Found
/proc/13/cmdline	/proc/13/cmdline	Process not Found
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/217/cmdline	/proc/217/cmdline	Process not Found
/proc/14/cmdline	/proc/14/cmdline	Process not Found
/proc/24/cmdline	/proc/24/cmdline	Process not Found
/proc/348/cmdline	/proc/348/cmdline	Process not Found
/proc/80/cmdline	/proc/80/cmdline	Process not Found
/proc/82/cmdline	/proc/82/cmdline	Process not Found
/proc/293/cmdline	/proc/293/cmdline	Process not Found
/proc/366/cmdline	/proc/366/cmdline	Process not Found
/proc/6/cmdline	/proc/6/cmdline	Process not Found
/proc/18/cmdline	/proc/18/cmdline	Process not Found
/proc/77/cmdline	/proc/77/cmdline	Process not Found
/proc/105/cmdline	/proc/105/cmdline	Process not Found

/tmp/c7ddbe460d5576610c19bc1894226cca.elf
/tmp/c7ddbe460d5576610c19bc1894226cca.elf
1⤵
PID:330

/bin/sh
sh -c "rm -rf bin/busybox && mkdir bin; >bin/busybox && mv /tmp/c7ddbe460d5576610c19bc1894226cca.elf bin/busybox; chmod 777 bin/busybox"
1⤵
PID:331
- /bin/rm
  rm -rf bin/busybox
  2⤵
  PID:332
- /bin/mkdir
  mkdir bin
  2⤵
  - Reads runtime system information
  PID:333
- /bin/mv
  mv /tmp/c7ddbe460d5576610c19bc1894226cca.elf bin/busybox
  2⤵
  - Reads runtime system information
  PID:334
- /bin/chmod
  chmod 777 bin/busybox
  2⤵
  PID:335

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads