Analysis
- max time kernel: 4s
- platform: debian-9_mips
- resource: debian9-mipsbe-20231215-en
- resource tags: arch:mips, image:debian9-mipsbe-20231215-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 22-12-2023 03:31
Static task
- static1
Behavioral tasks
- behavioral1: sample .../f, resource ubuntu1804-amd64-20231215-en
- behavioral2: sample .../i, resource ubuntu1804-amd64-20231215-en
- behavioral3: sample .../s, resource ubuntu1804-amd64-20231222-en
- behavioral4: sample .../s, resource debian9-armhf-20231215-en
- behavioral5: sample .../s, resource debian9-mipsbe-20231215-en
- behavioral6: sample .../s, resource debian9-mipsel-20231215-en
General
- Target: .../s
- Size: 922B
- MD5: 31274bb8d056acdc580344e2a44399cf
- SHA1: eb19ecb1dfc1153154b7050811b780627919ad62
- SHA256: 9f09c8d391981d28f2d3d4fe4c5e178d34cfc09bf784acdd886995cebef8e0c9
- SHA512: d26618fe7aa3c2a9b5600261ab8a986b226a96d932d28961400cb0728ca8061eca74a5ed1c1face5ded7ae801f726c1538bb0d333be075dc9045cb0bd657ca20
Malware Config
Signatures
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.

  description | ioc | process
  --- | --- | ---
  File opened for reading | /proc/1/stat | killall
  File opened for reading | /proc/82/stat | killall
  File opened for reading | /proc/375/stat | killall
  File opened for reading | /proc/688/stat | killall
  File opened for reading | /proc/712/stat | killall
  File opened for reading | /proc/79/stat | killall
  File opened for reading | /proc/687/cmdline | killall
  File opened for reading | /proc/356/stat | killall
  File opened for reading | /proc/355/stat | killall
  File opened for reading | /proc/651/stat | killall
  File opened for reading | /proc/23/stat | killall
  File opened for reading | /proc/71/stat | killall
  File opened for reading | /proc/72/stat | killall
  File opened for reading | /proc/75/stat | killall
  File opened for reading | /proc/78/stat | killall
  File opened for reading | /proc/353/stat | killall
  File opened for reading | /proc/687/stat | killall
  File opened for reading | /proc/688/cmdline | killall
  File opened for reading | /proc/717/stat | killall
  File opened for reading | /proc/36/stat | killall
  File opened for reading | /proc/2/stat | killall
  File opened for reading | /proc/9/stat | killall
  File opened for reading | /proc/10/stat | killall
  File opened for reading | /proc/11/stat | killall
  File opened for reading | /proc/12/stat | killall
  File opened for reading | /proc/24/stat | killall
  File opened for reading | /proc/18/stat | killall
  File opened for reading | /proc/77/stat | killall
  File opened for reading | /proc/238/stat | killall
  File opened for reading | /proc/650/stat | killall
  File opened for reading | /proc/74/stat | killall
  File opened for reading | /proc/707/stat | killall
  File opened for reading | /proc/674/stat | killall
  File opened for reading | /proc/15/stat | killall
  File opened for reading | /proc/17/stat | killall
  File opened for reading | /proc/19/stat | killall
  File opened for reading | /proc/116/stat | killall
  File opened for reading | /proc/149/stat | killall
  File opened for reading | /proc/386/stat | killall
  File opened for reading | /proc/8/stat | killall
  File opened for reading | /proc/21/stat | killall
  File opened for reading | /proc/115/stat | killall
  File opened for reading | /proc/376/stat | killall
  File opened for reading | /proc/690/stat | killall
  File opened for reading | /proc/filesystems | killall
  File opened for reading | /proc/14/stat | killall
  File opened for reading | /proc/73/stat | killall
  File opened for reading | /proc/116/cmdline | killall
  File opened for reading | /proc/696/cmdline | killall
  File opened for reading | /proc/619/stat | killall
  File opened for reading | /proc/5/stat | killall
  File opened for reading | /proc/84/stat | killall
  File opened for reading | /proc/106/stat | killall
  File opened for reading | /proc/164/stat | killall
  File opened for reading | /proc/352/stat | killall
  File opened for reading | /proc/604/stat | killall
  File opened for reading | /proc/144/cmdline | killall
  File opened for reading | /proc/392/stat | killall
  File opened for reading | /proc/self/maps | awk
  File opened for reading | /proc/6/stat | killall
  File opened for reading | /proc/22/stat | killall
  File opened for reading | /proc/37/stat | killall
  File opened for reading | /proc/76/stat | killall
  File opened for reading | /proc/326/stat | killall
- Writes file to tmp directory (1 IoC)
  Malware often drops required files in the /tmp directory.

  description | ioc
  --- | ---
  File opened for modification | /tmp/.../eth
Processes
- /tmp/.../s (command line: /tmp/.../s), PID 707
  - /usr/bin/killall (command line: killall -9 start), PID 710
    signatures: Reads runtime system information
  - /sbin/ip (command line: ip route show), PID 725
  - /bin/grep (command line: grep default), PID 726
  - /usr/bin/awk (command line: awk "{ for (i=1;i<=NF;i++) print \$i }"), PID 727
    signatures: Reads runtime system information
  - /bin/rm (command line: rm -rf eth), PID 729
- /sbin/ip (command line: ip route show), PID 722
- /bin/grep (command line: grep -v grep), PID 723
- /bin/grep (command line: grep -c default), PID 724
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 35B
  MD5: a0ff04a831025c7f39dffc02dd159c1d
  SHA1: 27dd20c510e1c0d50002160d596e3b47df9c3f17
  SHA256: 5f33a647ab5a2b8db1fd540fd6dcee8087852fecdc09f3ed44ca6b10afd65e08
  SHA512: 2112634c0b524c815a5ef55c1ff756272577d0e657f3fc9610ce9fd573d4d5096dd4bb6f46ddc8ed7c56b21d27da277a3beda6cfc37db1d1f00945440aa10345