Analysis
max time kernel: 151s
max time network: 153s
platform: debian-9_mips
resource: debian9-mipsbe-20231215-en
resource tags: arch:mips, image:debian9-mipsbe-20231215-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 19/12/2023, 22:40

Static task: static1
Behavioral task: behavioral1
Sample: 1d9c24b08d654d09cdb5ee56de8d4ce3
Resource: debian9-mipsbe-20231215-en

General
Target: 1d9c24b08d654d09cdb5ee56de8d4ce3
Size: 27KB
MD5: 1d9c24b08d654d09cdb5ee56de8d4ce3
SHA1: 33758f2c9b6ffb61f11016f67c665c8ec10c1432
SHA256: c8e019e63acaa2c70f28afd4305ca6588acc568cb1005ac6f7813ae3f7e76001
SHA512: 7c9f76a58cac4fa166632364fc1edf82b24fee714073bd7e14121c9d1a00c9a94efa14e64de2114af5d3369f05152030d94df171ba2d05cfdae6bc2da142cf47
SSDEEP: 768:1lBiH68RpezBkfkLTK/kqhjCD4PTLdyLoWeJ5BN1EJgGlzDpxYsH:HBAZjezTfKMqhnrLdJ5BNuVrYU

Malware Config
Signatures
Contacts a large (115374) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.

Changes its process name 1 IoCs
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | 0gefa8plprunun1i2gnojoo6 | 712 | 1d9c24b08d654d09cdb5ee56de8d4ce3

Deletes itself 1 IoCs
pid | Process
712 | 1d9c24b08d654d09cdb5ee56de8d4ce3

Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | 1d9c24b08d654d09cdb5ee56de8d4ce3
File opened for modification | /dev/misc/watchdog | 1d9c24b08d654d09cdb5ee56de8d4ce3

Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
description | ioc
File opened for reading | /proc/net/tcp

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 1 TTPs 1 IoCs
description | ioc | Process
File opened for modification | /sbin/watchdog | 1d9c24b08d654d09cdb5ee56de8d4ce3

Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description | ioc
File opened for reading | /proc/net/tcp

Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.