Analysis
- max time kernel: 5s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20231215-en
- resource tags: arch:mipsel, image:debian9-mipsel-20231215-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 22-12-2023 03:31
Static task
- static1
Behavioral tasks
- behavioral1: Sample .../f, Resource ubuntu1804-amd64-20231215-en
- behavioral2: Sample .../i, Resource ubuntu1804-amd64-20231215-en
- behavioral3: Sample .../s, Resource ubuntu1804-amd64-20231222-en
- behavioral4: Sample .../s, Resource debian9-armhf-20231215-en
- behavioral5: Sample .../s, Resource debian9-mipsbe-20231215-en
- behavioral6: Sample .../s, Resource debian9-mipsel-20231215-en
General
- Target: .../s
- Size: 922B
- MD5: 31274bb8d056acdc580344e2a44399cf
- SHA1: eb19ecb1dfc1153154b7050811b780627919ad62
- SHA256: 9f09c8d391981d28f2d3d4fe4c5e178d34cfc09bf784acdd886995cebef8e0c9
- SHA512: d26618fe7aa3c2a9b5600261ab8a986b226a96d932d28961400cb0728ca8061eca74a5ed1c1face5ded7ae801f726c1538bb0d333be075dc9045cb0bd657ca20
Malware Config
Signatures
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads runtime system information (64 IoCs)
  Reads data from the /proc virtual filesystem.
- Writes file to tmp directory (1 IoC)
  Malware often drops required files in the /tmp directory.
  description: File opened for modification; ioc: /tmp/.../eth
Processes
- /tmp/.../s (command line: /tmp/.../s) PID:717
  - /usr/bin/killall (command line: killall -9 start) PID:720
    Signatures: Reads runtime system information
  - /sbin/ip (command line: ip route show) PID:730
  - /bin/grep (command line: grep default) PID:731
  - /usr/bin/awk (command line: awk "{ for (i=1;i<=NF;i++) print \$i }") PID:732
  - /bin/rm (command line: rm -rf eth) PID:734
- /sbin/ip (command line: ip route show) PID:726
- /bin/grep (command line: grep -v grep) PID:727
- /bin/grep (command line: grep -c default) PID:728