Analysis
max time kernel: 8230s
max time network: 152s
platform: debian-9_mips
resource: debian9-mipsbe-20221111-en
resource tags: arch:mips image:debian9-mipsbe-20221111-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
submitted: 14-02-2023 23:59

Behavioral task: behavioral1
Sample: d1ad0d914039816e7c90d693fb622935.elf
Resource: debian9-mipsbe-20221111-en

General
Target: d1ad0d914039816e7c90d693fb622935.elf
Size: 144KB
MD5: d1ad0d914039816e7c90d693fb622935
SHA1: 0f25ed799934cf40dd3cfe17fbf88aeca5fbea27
SHA256: 1375348b20b4a2f78dc4f54226393ad7bf88dc8bb6879a1fb28b23dd90e44583
SHA512: ed36bb069740c02d2aa4929d0664efca1be0edb8443ca70234888198cbb2970941450d73754341a861fb94192775488ff9a16ec655d0f72cad6be3f1a9fdd10f
SSDEEP: 1536:Dd7jY1TFEq+/7sg2rK4xax+FagaC2rK4HaQxkqHe+0TvvbYPeIFr267UDKSshmvE:SL/y5kBTvvb4SOUDwhmvj3q+13Botx5

Malware Config
Signatures

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies hosts file (1 IoCs)
Adds to hosts file used for mapping hosts to IP addresses.
Processes:
description | ioc
/etc/hosts | /etc/hosts

Reads system routing table (1 TTPs, 1 IoCs)
Gets active network interfaces from /proc virtual filesystem.
Processes:
d1ad0d914039816e7c90d693fb622935.elf
description | ioc | process
/proc/net/route | /proc/net/route | d1ad0d914039816e7c90d693fb622935.elf

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
Processes:
d1ad0d914039816e7c90d693fb622935.elf
description | ioc | process
/proc/net/route | /proc/net/route | d1ad0d914039816e7c90d693fb622935.elf