7bc084dfc22cf4dc0d5eec7b08bd4c463d73f6c67e2d086d0f53f6a95ead365c

Analysis

max time kernel
7s
platform
debian-9_mips
resource
debian9-mipsbe-20231215-en
resource tags

arch:mipsimage:debian9-mipsbe-20231215-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
31-12-2023 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

legend/start
Size

872B
MD5

bb0ef02b70069cbe43ad8eb6613d4743
SHA1

d317760cffc4d27bdb3668ab25614b57ad0bcbf3
SHA256

8022351f078c82e9f67e4b83a462083759642498eb4e81f66f08ad7bce531867
SHA512

6579046d4b60338acfd98224a3e80d05b74206768f20c6ab69eabf88cdaa9198b8e5de5150e20ce1ed54760493e7d863e7fb0961a100b872996b2715de7ba665

Score

6^/10

Malware Config

Signatures

Deletes log files 1 TTPs 5 IoCs

Deletes log files on the system.

Indicator Removal

T1070

description	ioc	Process
File deleted	/var/log/apt/history.log	rm
File deleted	/var/log/apt/term.log	rm
File deleted	/var/log/apt	rm
File deleted	/var/log/alternatives.log	rm
File deleted	/var/log/apt/eipp.log.xz	rm

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	ls

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/legend/cleanlist	start

/tmp/legend/start
/tmp/legend/start
1⤵
- Writes file to tmp directory
PID:709
- /bin/ls
  ls /var/log/
  2⤵
  - Reads runtime system information
  PID:714
- /bin/rm
  rm -rf /var/log/alternatives.log
  2⤵
  - Deletes log files
  PID:715
- /usr/bin/touch
  touch /var/log/alternatives.log
  2⤵
  PID:718
- /bin/rm
  rm -rf /var/log/apt
  2⤵
  - Deletes log files
  PID:719

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/legend/cleanlist

Filesize
153B

MD5
0e06f34aea5f1d1cfcbfbdd882bb1695

SHA1
48d424e2f34570db7ff874a96edd16845493d0c7

SHA256
9c5c82aacbfa8d589b503b1c0faa8e7e95fdd0f04690adb877c665f3d1564a62

SHA512
f1ade1774311f2c5eb38617d06a1a725eea62897866140deeff6f5b32e82882794ff6fb647c03bd20ee8bbd5ce1db3e4dc452b32e1a3f51558c161c01af97496

Download Submit