15f2ca79213487c41ecd5b37dfa097d6d6e951cbb7b78a0c441980d8572553e3 | Triage

Analysis

max time kernel
12s
platform
debian-9_mips
resource
debian9-mipsbe-20231215-en
resource tags

arch:mipsimage:debian9-mipsbe-20231215-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
22-12-2023 02:35

Sharing

Report Analysis Logs

General

Target

a/su
Size

478B
MD5

2971f2d5985c4d4c2c94601cb137fbd5
SHA1

6bc8db4766b47c5770a756bb2ec1db3f7a68ec7d
SHA256

0c568133d8e60167924cc7ab6c63f2ced2d66db9897028f77cb7462f24ccdb11
SHA512

6ec43b05ae8d60ca19a223b950b4fa60a890505bbc216bb7bdad3a2105fa3900e5be86dae3d653761fece15cb6ead4f4db4fc958c7fc387a2a496f10b5e1835a

Score

3^/10

Malware Config

Signatures

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

description	ioc
File opened for modification	/tmp/a/scan.log
File opened for modification	/tmp/a/t.log

/tmp/a/su
/tmp/a/su
1⤵
PID:716
- /bin/rm
  rm -rf "*.pscan*"
  2⤵
  PID:730
- /bin/rm
  rm -rf vuln.txt
  2⤵
  PID:731
- /bin/rm
  rm -rf nobash.txt
  2⤵
  PID:732
- /tmp/a/ps
  ./ps 22
  2⤵
  PID:734
- /bin/sleep
  sleep 3
  2⤵
  PID:735
- /bin/cat
  cat .pscan.22
  2⤵
  PID:737
- /usr/bin/sort
  sort
  2⤵
  PID:738
- /usr/bin/uniq
  uniq
  2⤵
  PID:739
- /bin/grep
  grep -c . scan.log
  2⤵
  PID:740
- /tmp/a/brute
  ./brute 30
  2⤵
  PID:741
- /bin/sleep
  sleep 1
  2⤵
  PID:742
- /bin/cat
  cat vuln.txt
  2⤵
  PID:743
- /usr/bin/cut
  cut -d " " "-f1,2,3" "--output-d=:"
  2⤵
  PID:744
- /bin/cat
  cat nobash.txt
  2⤵
  PID:745
- /usr/bin/cut
  cut -d " " "-f1,2,3" "--output-d=:"
  2⤵
  PID:746
- /tmp/a/print
  ./print
  2⤵
  PID:747

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads