f71837acd9629898d65d32c655d021a06792aef8ef0b624bd9e2cdde6acc95fe

Analysis

max time kernel
9854s
max time network
151s
platform
debian-9_mipsel
resource
debian9-mipsel-20221111-en
resource tags

arch:mipselimage:debian9-mipsel-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
05/03/2023, 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a54ef33307055cb96132c4ac405d8329
Size

29KB
MD5

a54ef33307055cb96132c4ac405d8329
SHA1

8b8667eae92266d1301a90fe0d1c5c4da279f6fd
SHA256

f71837acd9629898d65d32c655d021a06792aef8ef0b624bd9e2cdde6acc95fe
SHA512

99fcffe69442e0b82d9bf58d40b86a5db765faf8a94485a287024665a9f1b528cbee38a90f6552e69fb507b7e0fc09988aba89beb0f364c2b53f635e661ca174
SSDEEP

768:ICn8siAvV2IsJhcpzAp1UU0SWyEVwlMIxWq:ICn8siAvVkL0fpVmMO

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (85326) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562

Reads runtime system information 63 IoCs

Reads data from /proc virtual filesystem.

description	ioc
/proc/70/cmdline	/proc/70/cmdline
/proc/230/cmdline	/proc/230/cmdline
/proc/287/cmdline	/proc/287/cmdline
/proc/295/cmdline	/proc/295/cmdline
/proc/11/cmdline	/proc/11/cmdline
/proc/2/cmdline	/proc/2/cmdline
/proc/19/cmdline	/proc/19/cmdline
/proc/68/cmdline	/proc/68/cmdline
/proc/141/cmdline	/proc/141/cmdline
/proc/278/cmdline	/proc/278/cmdline
/proc/320/cmdline	/proc/320/cmdline
/proc/	/proc/
/proc/16/cmdline	/proc/16/cmdline
/proc/74/cmdline	/proc/74/cmdline
/proc/250/cmdline	/proc/250/cmdline
/proc/281/cmdline	/proc/281/cmdline
/proc/14/cmdline	/proc/14/cmdline
/proc/71/cmdline	/proc/71/cmdline
/proc/105/cmdline	/proc/105/cmdline
/proc/217/cmdline	/proc/217/cmdline
/proc/325/cmdline	/proc/325/cmdline
/proc/23/cmdline	/proc/23/cmdline
/proc/73/cmdline	/proc/73/cmdline
/proc/229/cmdline	/proc/229/cmdline
/proc/12/cmdline	/proc/12/cmdline
/proc/76/cmdline	/proc/76/cmdline
/proc/206/cmdline	/proc/206/cmdline
/proc/4/cmdline	/proc/4/cmdline
/proc/22/cmdline	/proc/22/cmdline
/proc/36/cmdline	/proc/36/cmdline
/proc/81/cmdline	/proc/81/cmdline
/proc/3/cmdline	/proc/3/cmdline
/proc/82/cmdline	/proc/82/cmdline
/proc/1/cmdline	/proc/1/cmdline
/proc/6/cmdline	/proc/6/cmdline
/proc/20/cmdline	/proc/20/cmdline
/proc/37/cmdline	/proc/37/cmdline
/proc/72/cmdline	/proc/72/cmdline
/proc/256/cmdline	/proc/256/cmdline
/proc/294/cmdline	/proc/294/cmdline
/proc/327/cmdline	/proc/327/cmdline
/proc/5/cmdline	/proc/5/cmdline
/proc/21/cmdline	/proc/21/cmdline
/proc/24/cmdline	/proc/24/cmdline
/proc/79/cmdline	/proc/79/cmdline
/proc/228/cmdline	/proc/228/cmdline
/proc/231/cmdline	/proc/231/cmdline
/proc/13/cmdline	/proc/13/cmdline
/proc/9/cmdline	/proc/9/cmdline
/proc/15/cmdline	/proc/15/cmdline
/proc/17/cmdline	/proc/17/cmdline
/proc/18/cmdline	/proc/18/cmdline
/proc/115/cmdline	/proc/115/cmdline
/proc/255/cmdline	/proc/255/cmdline
/proc/326/cmdline	/proc/326/cmdline
/proc/8/cmdline	/proc/8/cmdline
/proc/10/cmdline	/proc/10/cmdline
/proc/116/cmdline	/proc/116/cmdline
/proc/7/cmdline	/proc/7/cmdline
/proc/146/cmdline	/proc/146/cmdline
/proc/156/cmdline	/proc/156/cmdline
/proc/249/cmdline	/proc/249/cmdline
/proc/77/cmdline	/proc/77/cmdline

/tmp/a54ef33307055cb96132c4ac405d8329
/tmp/a54ef33307055cb96132c4ac405d8329
1⤵
PID:322

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...