Overview

overview

7

Static

static

1

.i

debian-9-mips

7

Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    linux_mips
  • resource
    debian9-mipsbe-en-20211208
  • resource tags

    arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    30-06-2023 12:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .i

  • Size

    83KB

  • MD5

    5377e8f2ebdb280216c37a6195da9d6c

  • SHA1

    b54c705193b7963a0d40699a91cdb34fedecbe88

  • SHA256

    020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0

  • SHA512

    65e5aec56ddde56f245a20f88553d2f76bd7dd8e1940e9d49637d51a868fe73003b8a95fffeb9481110579f6ee4790fc9af1668d435930d4c01b116490908eed

  • SSDEEP

    1536:yYI0ARqw1qAEW67UIWi7M8gmfmJo0WgswnD6Efyq8PxlRkp2K3/J1V+uBNu:yYI0ARqw1qAEv7UIFM8oJorFquyjkRks

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 3 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.i
    /tmp/.i
    1⤵
    • Modifies Watchdog functionality
    PID:324
  • /bin/sh
    sh -c "iptables -A INPUT -p tcp --destination-port 23 -j DROP"
    1⤵
      PID:331
      • /sbin/iptables
        iptables -A INPUT -p tcp --destination-port 23 -j DROP
        2⤵
        • Changes its process name
        • Deletes itself
        PID:332
    • /bin/sh
      sh -c "iptables -A INPUT -p tcp --destination-port 7547 -j DROP"
      1⤵
        PID:337
        • /sbin/iptables
          iptables -A INPUT -p tcp --destination-port 7547 -j DROP
          2⤵
            PID:338
        • /bin/sh
          sh -c "iptables -A INPUT -p tcp --destination-port 5555 -j DROP"
          1⤵
            PID:339
            • /sbin/iptables
              iptables -A INPUT -p tcp --destination-port 5555 -j DROP
              2⤵
                PID:340
            • /bin/sh
              sh -c "iptables -A INPUT -p tcp --destination-port 5358 -j DROP"
              1⤵
                PID:341
                • /sbin/iptables
                  iptables -A INPUT -p tcp --destination-port 5358 -j DROP
                  2⤵
                    PID:342
                • /bin/sh
                  sh -c "iptables -D INPUT -j CWMP_CR"
                  1⤵
                    PID:343
                    • /sbin/iptables
                      iptables -D INPUT -j CWMP_CR
                      2⤵
                        PID:344
                    • /bin/sh
                      sh -c "iptables -X CWMP_CR"
                      1⤵
                        PID:345
                        • /sbin/iptables
                          iptables -X CWMP_CR
                          2⤵
                            PID:346
                        • /bin/sh
                          sh -c "iptables -I INPUT -p udp --dport 59461 -j ACCEPT"
                          1⤵
                            PID:347
                            • /sbin/iptables
                              iptables -I INPUT -p udp --dport 59461 -j ACCEPT
                              2⤵
                                PID:348

                            Network

                            MITRE ATT&CK Enterprise v6

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • memory/324-1-0x00400000-0x0047a6c0-memory.dmp

                              Download