ef22c074a9807d18bb790b7f42f36ae6a361195d218bc93afe1a88b2f31c9f66

Analysis

max time kernel
37592s
max time network
153s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
16/02/2023, 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

587f0558b4ee34a843045ac64d98a74b
Size

147KB
MD5

587f0558b4ee34a843045ac64d98a74b
SHA1

0bb45eed36e8af790ebb424b1bb465887a57e2c4
SHA256

ef22c074a9807d18bb790b7f42f36ae6a361195d218bc93afe1a88b2f31c9f66
SHA512

2a3d3fe6a8c6dce3a607df1ed8c117ad1e32ce12a80273b6443d6b3288cc5f9d4e32c827136f792720470d90368a2e03be52e14007a4445c3594650573140ba8
SSDEEP

3072:CJLce3pC5mT7naLHbz4N9GUJURIJ1FVEXkkTM/9oIMY:CJLcePnaLHbz4NMUJdHVEXkYM/9LMY

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (35825) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/210/cmdline	/proc/210/cmdline	Process not Found
/proc/234/cmdline	/proc/234/cmdline	Process not Found
/proc/9/cmdline	/proc/9/cmdline	Process not Found
/proc/17/cmdline	/proc/17/cmdline	Process not Found
/proc/18/cmdline	/proc/18/cmdline	Process not Found
/proc/139/cmdline	/proc/139/cmdline	Process not Found
/proc/386/cmdline	/proc/386/cmdline	Process not Found
/proc/388/cmdline	/proc/388/cmdline	Process not Found
/proc/8/cmdline	/proc/8/cmdline	Process not Found
/proc/10/cmdline	/proc/10/cmdline	Process not Found
/proc/15/cmdline	/proc/15/cmdline	Process not Found
/proc/372/cmdline	/proc/372/cmdline	Process not Found
/proc/6/cmdline	/proc/6/cmdline	Process not Found
/proc/14/cmdline	/proc/14/cmdline	Process not Found
/proc/19/cmdline	/proc/19/cmdline	Process not Found
/proc/2/cmdline	/proc/2/cmdline	Process not Found
/proc/25/cmdline	/proc/25/cmdline	Process not Found
/proc/22/cmdline	/proc/22/cmdline	Process not Found
/proc/314/cmdline	/proc/314/cmdline	Process not Found
/proc/359/cmdline	/proc/359/cmdline	Process not Found
/proc/368/cmdline	/proc/368/cmdline	Process not Found
/proc/12/cmdline	/proc/12/cmdline	Process not Found
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/236/cmdline	/proc/236/cmdline	Process not Found
/proc/291/cmdline	/proc/291/cmdline	Process not Found
/proc/354/cmdline	/proc/354/cmdline	Process not Found
/proc/374/cmdline	/proc/374/cmdline	Process not Found
/proc/495/cmdline	/proc/495/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mkdir
/proc/29/cmdline	/proc/29/cmdline	Process not Found
/proc/80/cmdline	/proc/80/cmdline	Process not Found
/proc/101/cmdline	/proc/101/cmdline	Process not Found
/proc/280/cmdline	/proc/280/cmdline	Process not Found
/proc/315/cmdline	/proc/315/cmdline	Process not Found
/proc/380/cmdline	/proc/380/cmdline	Process not Found
/proc/446/cmdline	/proc/446/cmdline	Process not Found
/proc/1/cmdline	/proc/1/cmdline	Process not Found
/proc/16/cmdline	/proc/16/cmdline	Process not Found
/proc/27/cmdline	/proc/27/cmdline	Process not Found
/proc/28/cmdline	/proc/28/cmdline	Process not Found
/proc/351/cmdline	/proc/351/cmdline	Process not Found
/proc/418/cmdline	/proc/418/cmdline	Process not Found
/proc/3/cmdline	/proc/3/cmdline	Process not Found
/proc/233/cmdline	/proc/233/cmdline	Process not Found
/proc/308/cmdline	/proc/308/cmdline	Process not Found
/proc/312/cmdline	/proc/312/cmdline	Process not Found
/proc/279/cmdline	/proc/279/cmdline	Process not Found
/proc/378/cmdline	/proc/378/cmdline	Process not Found
/proc/396/cmdline	/proc/396/cmdline	Process not Found
/proc/42/cmdline	/proc/42/cmdline	Process not Found
/proc/112/cmdline	/proc/112/cmdline	Process not Found
/proc/113/cmdline	/proc/113/cmdline	Process not Found
/proc/152/cmdline	/proc/152/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mv
/proc/13/cmdline	/proc/13/cmdline	Process not Found
/proc/447/cmdline	/proc/447/cmdline	Process not Found
/proc/43/cmdline	/proc/43/cmdline	Process not Found
/proc/283/cmdline	/proc/283/cmdline	Process not Found
/proc/392/cmdline	/proc/392/cmdline	Process not Found
/proc/157/cmdline	/proc/157/cmdline	Process not Found
/proc/169/cmdline	/proc/169/cmdline	Process not Found
/proc/376/cmdline	/proc/376/cmdline	Process not Found
/proc/390/cmdline	/proc/390/cmdline	Process not Found
/proc/4/cmdline	/proc/4/cmdline	Process not Found

/tmp/587f0558b4ee34a843045ac64d98a74b
/tmp/587f0558b4ee34a843045ac64d98a74b
1⤵
PID:355
- /bin/sh
  /bin/sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/587f0558b4ee34a843045ac64d98a74b bin/watchdog; chmod 777 ��4;bin/watchdog�þ"
  2⤵
  PID:356
- - /bin/rm
    rm -rf bin/watchdog
    3⤵
    PID:357
- - /bin/mkdir
    mkdir bin
    3⤵
    - Reads runtime system information
    PID:358
- - /bin/mv
    mv /tmp/587f0558b4ee34a843045ac64d98a74b bin/watchdog
    3⤵
    - Reads runtime system information
    PID:363
- - /bin/chmod
    chmod 777 "��4"
    3⤵
    PID:364
- - bin/watchdog�þ
    "bin/watchdog�þ"
    3⤵
    PID:365

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads