Analysis
max time kernel: 144s
max time network: 150s
platform: debian-9_mips
resource: debian9-mipsbe-20231215-en
resource tags: arch:mips, image:debian9-mipsbe-20231215-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 20-12-2023 02:26
Behavioral task: behavioral1
Sample: 7da3265af05914b0f542664a2aee0834
Resource: debian9-mipsbe-20231215-en (debian-9-mips)
4 signatures
150 seconds
General
Target: 7da3265af05914b0f542664a2aee0834
Size: 98KB
MD5: 7da3265af05914b0f542664a2aee0834
SHA1: dcbe9cb0f11c2caa537472eb998b5c134fa72d09
SHA256: a8d2b23842278aa19106e0e54dc6d6a63b250a8a2f6b3b5d0418a643560a337c
SHA512: b7a5a437f25f1b67517cdbe48db96794503703e2a181d191b2856f17a66adac1a1547ba3aff7465a3ae6e6cf6a45ffb21c697dc2256c0988d03222b26e30b8ca
SSDEEP: 1536:g5230+LUmeBn8ZHtVnAVnRrt02ZXpPeyTms6Vn4hjX/3NJeu0Ifg:etlmegfnAVrMyTms6Vn4hjX/3NAUg
Score: 8/10
Malware Config
Signatures
Contacts a large (1009) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Write file to user bin folder (1 TTPs, 2 IoCs)
File opened for modification: /usr/sbin/exim4
File opened for modification: /usr/sbin/agent

Writes file to system bin folder (1 TTPs, 3 IoCs)
File opened for modification: /sbin/dhclient
File opened for modification: /bin/bash
File opened for modification: /bin/dash

Reads runtime system information (19 IoCs)
Reads data from /proc virtual filesystem.