c62c7aaa3ad4531cf64904ac9eac4e40b0946fd24bbe08513f3bba814796af85

Analysis

max time kernel
40062s
max time network
151s
platform
linux_mipsel
resource
debian9-mipsel-en-20211208
resource tags

arch:mipselimage:debian9-mipsel-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
17/03/2023, 09:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3e77700778fc15dd844c4e6f2db2d3e.elf
Size

82KB
MD5

f3e77700778fc15dd844c4e6f2db2d3e
SHA1

e8c036c604fe2a6d6f7e7db6c78b84273fe29a09
SHA256

c62c7aaa3ad4531cf64904ac9eac4e40b0946fd24bbe08513f3bba814796af85
SHA512

04e311894dd48a9da059abfbd5e80e64616cd04420f0a58bfede2a2d5be0f362aba09e5462b93d4549588dd536c00dc73cc20753c857c77fac0b75d55e25133c
SSDEEP

1536:iVLyu95KZJkj752dCexuV/8UZlDwfkJ4MYfWt:iVLyMgOFezxu5VD1eI

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (30206) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/filesystems	/proc/filesystems	mkdir
/proc/filesystems	/proc/filesystems	mv
/proc/2/cmdline	/proc/2/cmdline	Process not Found
/proc/114/cmdline	/proc/114/cmdline	Process not Found
/proc/251/cmdline	/proc/251/cmdline	Process not Found
/proc/339/cmdline	/proc/339/cmdline	Process not Found
/proc/5/cmdline	/proc/5/cmdline	Process not Found
/proc/21/cmdline	/proc/21/cmdline	Process not Found
/proc/23/cmdline	/proc/23/cmdline	Process not Found
/proc/37/cmdline	/proc/37/cmdline	Process not Found
/proc/282/cmdline	/proc/282/cmdline	Process not Found
/proc/325/cmdline	/proc/325/cmdline	Process not Found
/proc/75/cmdline	/proc/75/cmdline	Process not Found
/proc/333/cmdline	/proc/333/cmdline	Process not Found
/proc/12/cmdline	/proc/12/cmdline	Process not Found
/proc/74/cmdline	/proc/74/cmdline	Process not Found
/proc/81/cmdline	/proc/81/cmdline	Process not Found
/proc/83/cmdline	/proc/83/cmdline	Process not Found
/proc/204/cmdline	/proc/204/cmdline	Process not Found
/proc/357/cmdline	/proc/357/cmdline	Process not Found
/proc/9/cmdline	/proc/9/cmdline	Process not Found
/proc/16/cmdline	/proc/16/cmdline	Process not Found
/proc/19/cmdline	/proc/19/cmdline	Process not Found
/proc/24/cmdline	/proc/24/cmdline	Process not Found
/proc/105/cmdline	/proc/105/cmdline	Process not Found
/proc/14/cmdline	/proc/14/cmdline	Process not Found
/proc/295/cmdline	/proc/295/cmdline	Process not Found
/proc/321/cmdline	/proc/321/cmdline	Process not Found
/proc/390/cmdline	/proc/390/cmdline	Process not Found
/proc/4/cmdline	/proc/4/cmdline	Process not Found
/proc/10/cmdline	/proc/10/cmdline	Process not Found
/proc/73/cmdline	/proc/73/cmdline	Process not Found
/proc/115/cmdline	/proc/115/cmdline	Process not Found
/proc/146/cmdline	/proc/146/cmdline	Process not Found
/proc/227/cmdline	/proc/227/cmdline	Process not Found
/proc/72/cmdline	/proc/72/cmdline	Process not Found
/proc/156/cmdline	/proc/156/cmdline	Process not Found
/proc/17/cmdline	/proc/17/cmdline	Process not Found
/proc/22/cmdline	/proc/22/cmdline	Process not Found
/proc/78/cmdline	/proc/78/cmdline	Process not Found
/proc/212/cmdline	/proc/212/cmdline	Process not Found
/proc/8/cmdline	/proc/8/cmdline	Process not Found
/proc/15/cmdline	/proc/15/cmdline	Process not Found
/proc/18/cmdline	/proc/18/cmdline	Process not Found
/proc/71/cmdline	/proc/71/cmdline	Process not Found
/proc/76/cmdline	/proc/76/cmdline	Process not Found
/proc/294/cmdline	/proc/294/cmdline	Process not Found
/proc/394/cmdline	/proc/394/cmdline	Process not Found
/proc/	/proc/	Process not Found
/proc/6/cmdline	/proc/6/cmdline	Process not Found
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/1/cmdline	/proc/1/cmdline	Process not Found
/proc/3/cmdline	/proc/3/cmdline	Process not Found
/proc/11/cmdline	/proc/11/cmdline	Process not Found
/proc/215/cmdline	/proc/215/cmdline	Process not Found
/proc/335/cmdline	/proc/335/cmdline	Process not Found
/proc/7/cmdline	/proc/7/cmdline	Process not Found
/proc/244/cmdline	/proc/244/cmdline	Process not Found
/proc/13/cmdline	/proc/13/cmdline	Process not Found
/proc/70/cmdline	/proc/70/cmdline	Process not Found
/proc/216/cmdline	/proc/216/cmdline	Process not Found
/proc/276/cmdline	/proc/276/cmdline	Process not Found
/proc/402/cmdline	/proc/402/cmdline	Process not Found
/proc/36/cmdline	/proc/36/cmdline	Process not Found

/tmp/f3e77700778fc15dd844c4e6f2db2d3e.elf
/tmp/f3e77700778fc15dd844c4e6f2db2d3e.elf
1⤵
PID:322

/bin/sh
sh -c "rm -rf bin/busybox && mkdir bin; >bin/busybox && mv /tmp/f3e77700778fc15dd844c4e6f2db2d3e.elf bin/busybox; chmod 777 bin/busybox"
1⤵
PID:323
- /bin/rm
  rm -rf bin/busybox
  2⤵
  PID:324
- /bin/mkdir
  mkdir bin
  2⤵
  - Reads runtime system information
  PID:328
- /bin/mv
  mv /tmp/f3e77700778fc15dd844c4e6f2db2d3e.elf bin/busybox
  2⤵
  - Reads runtime system information
  PID:329
- /bin/chmod
  chmod 777 bin/busybox
  2⤵
  PID:330

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...