Malware Analysis Report

2025-08-05 17:00

Sample ID 240108-d9b5psbee5
Target ce006232d9983334aead018d7ae064de.bin
SHA256 46372c7f8f7d4659006efd1ef9e614b063e59cc1deb616aee962c2931785e8f5
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

46372c7f8f7d4659006efd1ef9e614b063e59cc1deb616aee962c2931785e8f5

Threat Level: Shows suspicious behavior

The file ce006232d9983334aead018d7ae064de.bin was found to show suspicious behavior.

Malicious Activity Summary

Modifies Watchdog functionality

Changes its process name

Enumerates active TCP sockets

Enumerates running processes

Reads system network configuration

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-08 03:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-08 03:42

Reported

2024-01-08 03:44

Platform

debian9-mipsbe-20231222-en

Max time kernel

1s

Max time network

28s

Command Line

[/tmp/1e813727174a3135165ef0fa74664f5305527c64a5a52da61bcfa30f8053373d.elf]

Signatures

Changes its process name

Description: Changes the process name, possibly in an attempt to hide itself
Indicator: /var/Sofia
Process: /tmp/1e813727174a3135165ef0fa74664f5305527c64a5a52da61bcfa30f8053373d.elf
Target: N/A

Modifies Watchdog functionality

Description: File opened for modification
Indicator: /dev/watchdog
Process: /tmp/1e813727174a3135165ef0fa74664f5305527c64a5a52da61bcfa30f8053373d.elf
Target: N/A

Description: File opened for modification
Indicator: /dev/misc/watchdog
Process: /tmp/1e813727174a3135165ef0fa74664f5305527c64a5a52da61bcfa30f8053373d.elf
Target: N/A

Enumerates active TCP sockets

Description: File opened for reading
Indicator: /proc/net/tcp
Process: N/A
Target: N/A

Enumerates running processes

Reads system network configuration

Description: File opened for reading
Indicator: /proc/net/tcp
Process: N/A
Target: N/A

Reads runtime system information

Description Indicator Process Target

Processes

/tmp/1e813727174a3135165ef0fa74664f5305527c64a5a52da61bcfa30f8053373d.elf

[/tmp/1e813727174a3135165ef0fa74664f5305527c64a5a52da61bcfa30f8053373d.elf]

Network

Country Destination Domain Proto
US 1.1.1.1:53 apple.bbos.ink udp
LT 176.223.133.62:1290 apple.bbos.ink tcp

Files

N/A