Analysis
-
max time kernel
4s -
max time network
125s -
platform
debian-9_mips -
resource
debian9-mipsbe-20221111-en -
resource tags
arch:mipsimage:debian9-mipsbe-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
09/05/2023, 15:22
Behavioral task
behavioral1
Sample
2b6c86d4164917f72b69a04a4cd788f5.elf
Resource
debian9-mipsbe-20221111-en
debian-9-mips
3 signatures
150 seconds
General
-
Target
2b6c86d4164917f72b69a04a4cd788f5.elf
-
Size
70KB
-
MD5
2b6c86d4164917f72b69a04a4cd788f5
-
SHA1
29359f55067bddd9d26d7835f60869d89df89446
-
SHA256
bba2ec7451ced3415773c5504f88a71aea75f81ee69981c1eaf7bafff38e8297
-
SHA512
2438bcb97dd2b9c7a5f5e9ac0844abab3ffa528056f7080c291ef2fcad3147eabf4330af173ff808758596e1272ca105232ce3b6971b02de307d09c0448ff4a4
-
SSDEEP
768:bPWek0n4CjdGQKKWgmg0EhFkFkeYA+QoN5XyApGqFDjOZ2uyyQ5NeNTP4wneIy:bj/hTmmjAoNhym2Uu6eBPZneh
Score
7/10
Malware Config
Signatures
-
Changes its process name 7 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself bash 327 Process not Found Changes the process name, possibly in an attempt to hide itself nginx 328 Process not Found Changes the process name, possibly in an attempt to hide itself inetd 329 Process not Found Changes the process name, possibly in an attempt to hide itself sshd 330 Process not Found Changes the process name, possibly in an attempt to hide itself bash 329 Process not Found Changes the process name, possibly in an attempt to hide itself inetd 336 Process not Found Changes the process name, possibly in an attempt to hide itself sshd 337 Process not Found -
Deletes itself 1 IoCs
pid Process 326 2b6c86d4164917f72b69a04a4cd788f5.elf -
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/2/cmdline File opened for reading /proc/5/cmdline File opened for reading /proc/10/cmdline File opened for reading /proc/77/cmdline File opened for reading /proc/23/cmdline File opened for reading /proc/24/cmdline File opened for reading /proc/36/cmdline File opened for reading /proc/78/cmdline File opened for reading /proc/114/cmdline File opened for reading /proc/1/cmdline File opened for reading /proc/6/cmdline File opened for reading /proc/8/cmdline File opened for reading /proc/13/cmdline File opened for reading /proc/164/cmdline File opened for reading /proc/216/cmdline File opened for reading /proc/322/cmdline File opened for reading /proc/204/cmdline File opened for reading /proc/272/cmdline File opened for reading /proc/324/cmdline File opened for reading /proc/7/cmdline File opened for reading /proc/12/cmdline File opened for reading /proc/17/cmdline File opened for reading /proc/105/cmdline File opened for reading /proc/21/cmdline File opened for reading /proc/228/cmdline File opened for reading /proc/329/cmdline File opened for reading /proc/9/cmdline File opened for reading /proc/81/cmdline File opened for reading /proc/156/cmdline File opened for reading /proc/212/cmdline File opened for reading /proc/245/cmdline File opened for reading /proc/214/cmdline File opened for reading /proc/4/cmdline File opened for reading /proc/19/cmdline File opened for reading /proc/67/cmdline File opened for reading /proc/74/cmdline File opened for reading /proc/15/cmdline File opened for reading /proc/71/cmdline File opened for reading /proc/249/cmdline File opened for reading /proc/292/cmdline File opened for reading /proc/16/cmdline File opened for reading /proc/20/cmdline File opened for reading /proc/37/cmdline File opened for reading /proc/69/cmdline File opened for reading /proc/82/cmdline File opened for reading /proc/138/cmdline File opened for reading /proc/321/cmdline File opened for reading /proc/325/cmdline File opened for reading /proc/291/cmdline File opened for reading /proc/11/cmdline File opened for reading /proc/75/cmdline File opened for reading /proc/145/cmdline File opened for reading /proc/244/cmdline File opened for reading /proc/284/cmdline File opened for reading /proc/14/cmdline File opened for reading /proc/18/cmdline File opened for reading /proc/70/cmdline File opened for reading /proc/213/cmdline File opened for reading /proc/277/cmdline File opened for reading /proc/330/cmdline File opened for reading /proc/3/cmdline File opened for reading /proc/22/cmdline File opened for reading /proc/76/cmdline File opened for reading /proc/115/cmdline