Analysis
-
max time kernel
124s -
max time network
151s -
platform
debian-9_mips -
resource
debian9-mipsbe-20221125-en -
resource tags
-
submitted
14/05/2023, 01:15
General
-
Target
55763357d962bfcf39f59658fe3200ed7d1cd5ff81c5ec8df0cf5272a76f2796.elf
-
Size
169KB
-
MD5
392e82d183580b68874c810823db0663
-
SHA1
b340ac1f625f1bc89f2d63c95db49935b24fd9f3
-
SHA256
55763357d962bfcf39f59658fe3200ed7d1cd5ff81c5ec8df0cf5272a76f2796
-
SHA512
a69faa12e23a0dffbcfb003159bfaf5100a10cff22d03c5ae8225a6849f82b478a7e7b731c18156efc1d103b7ce199a3d1e2cae9476b716d6d63c0fab818dd7a
-
SSDEEP
3072:r88lDTcfDLyxQRoVDDtqYC1Rlbk5jJfsiPE/e3b:A8xdRbYR1k5jJfsiPE/e3b
Score
9/10
Malware Config
Signatures
-
Contacts a large (148647) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes
-
/tmp/55763357d962bfcf39f59658fe3200ed7d1cd5ff81c5ec8df0cf5272a76f2796.elf/tmp/55763357d962bfcf39f59658fe3200ed7d1cd5ff81c5ec8df0cf5272a76f2796.elf1⤵
- Changes its process name
- Reads system routing table
- Reads system network configuration