Overview

overview

7

Static

static

1

.i

debian-9-mips

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    linux_mips
  • resource
    debian9-mipsbe-en-20211208
  • resource tags

    arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    30-06-2023 12:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .i

  • Size

    83KB

  • MD5

    5377e8f2ebdb280216c37a6195da9d6c

  • SHA1

    b54c705193b7963a0d40699a91cdb34fedecbe88

  • SHA256

    020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0

  • SHA512

    65e5aec56ddde56f245a20f88553d2f76bd7dd8e1940e9d49637d51a868fe73003b8a95fffeb9481110579f6ee4790fc9af1668d435930d4c01b116490908eed

  • SSDEEP

    1536:yYI0ARqw1qAEW67UIWi7M8gmfmJo0WgswnD6Efyq8PxlRkp2K3/J1V+uBNu:yYI0ARqw1qAEv7UIFM8oJorFquyjkRks

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 3 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.i
    /tmp/.i
    1⤵
    • Modifies Watchdog functionality
    PID:335
  • /bin/sh
    sh -c "iptables -A INPUT -p tcp --destination-port 23 -j DROP"
    1⤵
      PID:338
      • /sbin/iptables
        iptables -A INPUT -p tcp --destination-port 23 -j DROP
        2⤵
        • Changes its process name
        • Deletes itself
        PID:340
    • /bin/sh
      sh -c "iptables -A INPUT -p tcp --destination-port 7547 -j DROP"
      1⤵
        PID:348
        • /sbin/iptables
          iptables -A INPUT -p tcp --destination-port 7547 -j DROP
          2⤵
            PID:349
        • /bin/sh
          sh -c "iptables -A INPUT -p tcp --destination-port 5555 -j DROP"
          1⤵
            PID:350
            • /sbin/iptables
              iptables -A INPUT -p tcp --destination-port 5555 -j DROP
              2⤵
                PID:351
            • /bin/sh
              sh -c "iptables -A INPUT -p tcp --destination-port 5358 -j DROP"
              1⤵
                PID:352
                • /sbin/iptables
                  iptables -A INPUT -p tcp --destination-port 5358 -j DROP
                  2⤵
                    PID:353
                • /bin/sh
                  sh -c "iptables -D INPUT -j CWMP_CR"
                  1⤵
                    PID:354
                    • /sbin/iptables
                      iptables -D INPUT -j CWMP_CR
                      2⤵
                        PID:355
                    • /bin/sh
                      sh -c "iptables -X CWMP_CR"
                      1⤵
                        PID:356
                        • /sbin/iptables
                          iptables -X CWMP_CR
                          2⤵
                            PID:357
                        • /bin/sh
                          sh -c "iptables -I INPUT -p udp --dport 52907 -j ACCEPT"
                          1⤵
                            PID:358
                            • /sbin/iptables
                              iptables -I INPUT -p udp --dport 52907 -j ACCEPT
                              2⤵
                                PID:359

                            Network

                            MITRE ATT&CK Enterprise v6

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • memory/335-1-0x00400000-0x0047a6c0-memory.dmp

                              Download