a9a4e55bc58130e81ed060b2c940a628a4b5f08f0764cf6bb94893e8d9fbb8b3

Analysis

max time kernel
150s
max time network
153s
platform
debian-9_mips
resource
debian9-mipsbe-20231215-en
resource tags

arch:mipsimage:debian9-mipsbe-20231215-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
20/12/2023, 07:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8e4cac3151956a7cc90ce294b9cf4249
Size

74KB
MD5

8e4cac3151956a7cc90ce294b9cf4249
SHA1

2782ebcddb2882017588b8902e1ee16090c6aba7
SHA256

a9a4e55bc58130e81ed060b2c940a628a4b5f08f0764cf6bb94893e8d9fbb8b3
SHA512

c65a4909f929734cea846f11ecfff3a8a798b024e8c33079b1a19c4d9d5272cfe446a17bb5f64fd7254e88e5105f063e84fc8a170f4cbd735903500c65d06717
SSDEEP

1536:PCJ20olmeJuYqR2jQGATIJff0p9Ch7eIIemJ:70olmSqTIJff0XChkemJ

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (38129) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Write file to user bin folder 1 TTPs 2 IoCs

Hijack Execution Flow

T1574

description	ioc
File opened for modification	/usr/sbin/exim4
File opened for modification	/usr/sbin/agent

Writes file to system bin folder 1 TTPs 3 IoCs

Hijack Execution Flow

T1574

description	ioc
File opened for modification	/bin/dash
File opened for modification	/sbin/dhclient
File opened for modification	/bin/bash

Reads runtime system information 18 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/693/maps
File opened for reading	/proc/713/maps
File opened for reading	/proc/714/maps
File opened for reading	/proc/730/maps
File opened for reading	/proc/731/maps
File opened for reading	/proc/510/maps
File opened for reading	/proc/711/maps
File opened for reading	/proc/542/maps
File opened for reading	/proc/501/maps
File opened for reading	/proc/543/maps
File opened for reading	/proc/709/maps
File opened for reading	/proc/717/maps
File opened for reading	/proc/720/maps
File opened for reading	/proc/723/maps
File opened for reading	/proc/413/maps
File opened for reading	/proc/727/maps
File opened for reading	/proc/728/maps
File opened for reading	/proc/708/maps

/tmp/8e4cac3151956a7cc90ce294b9cf4249
/tmp/8e4cac3151956a7cc90ce294b9cf4249
1⤵
PID:724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads