51afc09ad92d00237bdb1068222e4fc87e002ca0d51b65ea232fa94739e2cfba

Analysis

max time kernel
150s
max time network
153s
platform
linux_mips
resource
debian9-mipsbe-en-20211208
resource tags

arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
21/05/2023, 18:02

Target

df831ff718a0ea6bf47615704cd940a9.elf
Size

82KB
MD5

df831ff718a0ea6bf47615704cd940a9
SHA1

89bc8ad171d03568fe205eadb299e6d53501ba4b
SHA256

51afc09ad92d00237bdb1068222e4fc87e002ca0d51b65ea232fa94739e2cfba
SHA512

91cd3498ee54439b9e41b6c29dbe7a16f8f4d5afd633b91e9398b3b27f8b1863cb73201bbd9472634d9e2d29b3d1aef0391e6e39c6b71ed50b39b55918a6cf2a
SSDEEP

768:D5X/YMkQd0w/yQMxsHsZoRLeIZs0WcJfEsUAVtcd2J2s2t22a22H2j2I6Cmust7S:sQnqfYEsUAFCajjBsuLfIhmqesTXs0j

Score

9^/10

discovery

Contacts a large (23828) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a	324	df831ff718a0ea6bf47615704cd940a9.elf

/tmp/df831ff718a0ea6bf47615704cd940a9.elf
/tmp/df831ff718a0ea6bf47615704cd940a9.elf
1⤵
- Changes its process name
PID:324

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact