Analysis
max time kernel: 133s
max time network: 154s
platform: debian-9_mips
resource: debian9-mipsbe-20231026-en
resource tags: arch:mips, image:debian9-mipsbe-20231026-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 07/11/2023, 19:24
Behavioral task: behavioral1
Sample: mips.elf
Resource: debian9-mipsbe-20231026-en
3 signatures
150 seconds
General
Target: mips.elf
Size: 58KB
MD5: 1e3b72bacc393a234f973d5cb02dc353
SHA1: e0cd8a79faccc406cd8fd17493df3e2baa7af8d8
SHA256: a4d94a13387eda7c89982c4736bf7d30af79436dbe103b5d902baae50f4d2fdb
SHA512: 6280939c25d96ae6cc69da9658841bc594f558b8bc4caf883839ff0e1949ef78cc86bd42dcc6382ffc37a32df0c74e6b6a3fed537d92a7d0125223f74f1e6062
SSDEEP: 768:bvaLxUxyQpPT5rhmurrFtSmSnoh2Lt3ug+N1IZi0e4fyMnup//dujgtywoz:bvJFP1PtkF+N1t0lk16gtLc
Score: 7/10
Malware Config
Signatures
Changes its process name (1 IoC)
description: Changes the process name, possibly in an attempt to hide itself
ioc: a
pid: 697
Process: mips.elf
Enumerates running processes
Discovers information about currently running processes on the system
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.