218fe9da113b9452350786c8666d471949058ca172f0e2e56a5503f0f988f1dd

Analysis

max time kernel
150s
max time network
153s
platform
linux_mips
resource
debian9-mipsbe-en-20211208
resource tags

arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
20/04/2023, 05:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aa5f984e65f40f9d1b4346e0e63216c7.elf
Size

82KB
MD5

aa5f984e65f40f9d1b4346e0e63216c7
SHA1

8946a730d5042afb06968a43e60bc2c14f7cb806
SHA256

218fe9da113b9452350786c8666d471949058ca172f0e2e56a5503f0f988f1dd
SHA512

cadcc7e3e44b5d6ad1c18051ad04f8fd02329b3dc8486f039de609c9a32800055d1daab0ed9a386c97f07ddac2a83b4d25d1ad89dcb12ac4013fcce238899cd9
SSDEEP

768:2ty6IP7M/kq0INRhfuN2Eo9tl/de2YIwHKRH0I84EH6UT+7ZDYovZ73x/nL8y8Q4:Rakdn2Eo3ePu5GT+RYo99Be037Wt/

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (34808) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/9/cmdline	/proc/9/cmdline	Process not Found
/proc/21/cmdline	/proc/21/cmdline	Process not Found
/proc/293/cmdline	/proc/293/cmdline	Process not Found
/proc/319/cmdline	/proc/319/cmdline	Process not Found
/proc/396/cmdline	/proc/396/cmdline	Process not Found
/proc/2/cmdline	/proc/2/cmdline	Process not Found
/proc/206/cmdline	/proc/206/cmdline	Process not Found
/proc/217/cmdline	/proc/217/cmdline	Process not Found
/proc/247/cmdline	/proc/247/cmdline	Process not Found
/proc/333/cmdline	/proc/333/cmdline	Process not Found
/proc/	/proc/	Process not Found
/proc/19/cmdline	/proc/19/cmdline	Process not Found
/proc/143/cmdline	/proc/143/cmdline	Process not Found
/proc/12/cmdline	/proc/12/cmdline	Process not Found
/proc/23/cmdline	/proc/23/cmdline	Process not Found
/proc/320/cmdline	/proc/320/cmdline	Process not Found
/proc/77/cmdline	/proc/77/cmdline	Process not Found
/proc/219/cmdline	/proc/219/cmdline	Process not Found
/proc/282/cmdline	/proc/282/cmdline	Process not Found
/proc/400/cmdline	/proc/400/cmdline	Process not Found
/proc/7/cmdline	/proc/7/cmdline	Process not Found
/proc/8/cmdline	/proc/8/cmdline	Process not Found
/proc/15/cmdline	/proc/15/cmdline	Process not Found
/proc/17/cmdline	/proc/17/cmdline	Process not Found
/proc/78/cmdline	/proc/78/cmdline	Process not Found
/proc/102/cmdline	/proc/102/cmdline	Process not Found
/proc/113/cmdline	/proc/113/cmdline	Process not Found
/proc/253/cmdline	/proc/253/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mkdir
/proc/1/cmdline	/proc/1/cmdline	Process not Found
/proc/16/cmdline	/proc/16/cmdline	Process not Found
/proc/387/cmdline	/proc/387/cmdline	Process not Found
/proc/24/cmdline	/proc/24/cmdline	Process not Found
/proc/345/cmdline	/proc/345/cmdline	Process not Found
/proc/323/cmdline	/proc/323/cmdline	Process not Found
/proc/408/cmdline	/proc/408/cmdline	Process not Found
/proc/14/cmdline	/proc/14/cmdline	Process not Found
/proc/69/cmdline	/proc/69/cmdline	Process not Found
/proc/135/cmdline	/proc/135/cmdline	Process not Found
/proc/272/cmdline	/proc/272/cmdline	Process not Found
/proc/4/cmdline	/proc/4/cmdline	Process not Found
/proc/18/cmdline	/proc/18/cmdline	Process not Found
/proc/81/cmdline	/proc/81/cmdline	Process not Found
/proc/72/cmdline	/proc/72/cmdline	Process not Found
/proc/75/cmdline	/proc/75/cmdline	Process not Found
/proc/294/cmdline	/proc/294/cmdline	Process not Found
/proc/3/cmdline	/proc/3/cmdline	Process not Found
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/22/cmdline	/proc/22/cmdline	Process not Found
/proc/155/cmdline	/proc/155/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mv
/proc/6/cmdline	/proc/6/cmdline	Process not Found
/proc/11/cmdline	/proc/11/cmdline	Process not Found
/proc/235/cmdline	/proc/235/cmdline	Process not Found
/proc/330/cmdline	/proc/330/cmdline	Process not Found
/proc/13/cmdline	/proc/13/cmdline	Process not Found
/proc/37/cmdline	/proc/37/cmdline	Process not Found
/proc/74/cmdline	/proc/74/cmdline	Process not Found
/proc/10/cmdline	/proc/10/cmdline	Process not Found
/proc/341/cmdline	/proc/341/cmdline	Process not Found
/proc/236/cmdline	/proc/236/cmdline	Process not Found
/proc/248/cmdline	/proc/248/cmdline	Process not Found
/proc/36/cmdline	/proc/36/cmdline	Process not Found
/proc/73/cmdline	/proc/73/cmdline	Process not Found

/tmp/aa5f984e65f40f9d1b4346e0e63216c7.elf
/tmp/aa5f984e65f40f9d1b4346e0e63216c7.elf
1⤵
PID:324

/bin/sh
sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/aa5f984e65f40f9d1b4346e0e63216c7.elf bin/watchdog; chmod 777 bin/watchdog"
1⤵
PID:325
- /bin/rm
  rm -rf bin/watchdog
  2⤵
  PID:326
- /bin/mkdir
  mkdir bin
  2⤵
  - Reads runtime system information
  PID:327
- /bin/mv
  mv /tmp/aa5f984e65f40f9d1b4346e0e63216c7.elf bin/watchdog
  2⤵
  - Reads runtime system information
  PID:328
- /bin/chmod
  chmod 777 bin/watchdog
  2⤵
  PID:329

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads