Analysis
max time kernel: 0s
max time network: 126s
platform: debian-9_mips
resource: debian9-mipsbe-20221111-en
resource tags: arch:mips, image:debian9-mipsbe-20221111-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 26-03-2023 13:52
Behavioral task: behavioral1
Sample: 01e201d00574f6b9c651bbb78f65bb92.elf
Resource: debian9-mipsbe-20221111-en
General
Target: 01e201d00574f6b9c651bbb78f65bb92.elf
Size: 170KB
MD5: 01e201d00574f6b9c651bbb78f65bb92
SHA1: 9423fc3752d5d4f3b51e1609e69c444b6b72fd86
SHA256: eb60136d4d866e5a0c2e24a89ce8cb86e76acaa48cd23a1071af81696dfeda30
SHA512: 61363871c1df6c7e614a6b5e607e87a22f7b54aa9d376b732ba8da8df6109cdd8329647eb76b8dc520c627acdec3155adbe85d2f3ea8914bdb6a72f55ff79734
SSDEEP: 3072:SfKeED0L+xfZZNcvetJ8add9Qzhs5UxOOPfqnXdfi+KqLwZi+LUk:WKRE0ravetJ8addQoUedfi+KqLwU+LUk
Malware Config
Signatures
Modifies rc script (1 TTPs, 1 IoCs)
Adding/modifying system rc scripts is a common persistence mechanism.
Processes:
process: 01e201d00574f6b9c651bbb78f65bb92.elf
ioc: /etc/rc.d/rc.local
Reads system routing table (1 TTPs, 1 IoCs)
Gets active network interfaces from /proc virtual filesystem.
Processes:
process: 01e201d00574f6b9c651bbb78f65bb92.elf
ioc: /proc/net/route
Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
Processes:
process: 01e201d00574f6b9c651bbb78f65bb92.elf
ioc: /proc/net/route