Overview

overview

7

Static

static

1

eeccf51bb2...ddd6ab

ubuntu-18.04-amd64

7

eeccf51bb2...ddd6ab

debian-9-armhf

7

eeccf51bb2...ddd6ab

debian-9-mips

7

eeccf51bb2...ddd6ab

debian-9-mipsel

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20221111-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    15-05-2023 12:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eeccf51bb2274f325ca54ae3f9ebe857e0ddd6ab

  • Size

    41KB

  • MD5

    b9e02521a0bb96eb0528c170770a0c2d

  • SHA1

    eeccf51bb2274f325ca54ae3f9ebe857e0ddd6ab

  • SHA256

    bb4c8ee23103cd57741a1008552dae1038c17c505dd16f80571d795d91892cad

  • SHA512

    6ecd57b14e5377c880d759979d0c3f461ed93a2f2c4ab69dfb3a550e973460e769c453d1ff38efe9d5e0c4aba43cddcf90bb5ff5a1e9b8dbb54095c3c688c6ba

  • SSDEEP

    384:l0FINvSo5o/Ds3oIywe4Xz2Ye6rDBzgHZ4zRZn7hElu/tOJJJ2JJJuOfvuy/97MA:qCv3oIywe4Xz2YeIDBzgHShFMSZf

Score
7/10
persistence

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/eeccf51bb2274f325ca54ae3f9ebe857e0ddd6ab
    /tmp/eeccf51bb2274f325ca54ae3f9ebe857e0ddd6ab
    1⤵
    • Changes its process name
    PID:326
  • sh
    sh -c "echo '* * * * * /tmp/eeccf51bb2274f325ca54ae3f9ebe857e0ddd6ab' >> newcrontab ; crontab newcrontab; rm -fr newcrontab"
    1⤵
    • Writes file to tmp directory
    PID:331
    • crontab
      crontab newcrontab
      2⤵
      • Creates/modifies Cron job
      • Reads runtime system information
      PID:332
    • rm
      rm -fr newcrontab
      2⤵
        PID:333

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /tmp/newcrontab
      Filesize

      56B

      MD5

      36a15ca328f6f858509d4c27ae7246ec

      SHA1

      7c279b68431e8fb049a5644dbf36dd1b0ace7b58

      SHA256

      53e802c281234769526fe2d9470664467f533d092c0126e423bedba7a7c6efbf

      SHA512

      568c11275e2240618b99924ff8416044d8e1a032e6a9a29d938850157923acf85e820cccd2125be938b9c1a30347919c552721d26dbe14e4f059af2a34dd400a

      Download Submit

    • /var/spool/cron/crontabs/tmp.SH0KYB
      Filesize

      240B

      MD5

      e23875f6b4d82ad9d959ee9c312742b4

      SHA1

      a2b33a1b9bd306ccbc81c77f503a40139d56f332

      SHA256

      1641a73c185c454a28b4bb669d13275709e2a99d79fa0959390aa4b8c5b19335

      SHA512

      92872fe2a011a342794d236430b47e77bc18783b971feeb42d402b18113637d6a13b7c67b1ee1b50b9ed9485515577cdf651e392891c2c5bf6c046860b4cad12

      Download Submit