Overview

overview

7

Static

static

1

95f02f54d0...JC.elf

debian-9-mipsel

7

Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20230831-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20230831-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    05/10/2023, 17:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95f02f54d09af2fcda7797d61d58d6d01674bf2f2491dc7cc0e3189f432744a5elf_JC.elf

  • Size

    74KB

  • MD5

    2b777dc4d32cc653db5a84bcdefeff3a

  • SHA1

    61eabd62d174a9434c7d6412c14b53a538b689da

  • SHA256

    95f02f54d09af2fcda7797d61d58d6d01674bf2f2491dc7cc0e3189f432744a5

  • SHA512

    d93bfc1f395b92fcfa677757df357f62e32f8e8ee06c34a05af7bf1a43fac1fd3894d467d1016a2f1a1fdd0775d0b16b47adf02b7d3d8e2ffb018d71a3c11b27

  • SSDEEP

    1536:mLIgNmUBSI81JBc2kr6BhJSud0y3zsvmMZkAAwCkKwbZn:mLVYmSNJBvyZuWyjsv/JEwbZn

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Deletes itself 1 IoCs
  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/95f02f54d09af2fcda7797d61d58d6d01674bf2f2491dc7cc0e3189f432744a5elf_JC.elf
    /tmp/95f02f54d09af2fcda7797d61d58d6d01674bf2f2491dc7cc0e3189f432744a5elf_JC.elf
    1⤵
    • Changes its process name
    • Deletes itself
    • Writes file to tmp directory
    PID:333

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads