Analysis

  • max time kernel
    8s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20231222-en
  • resource tags

    arch:mips
    image:debian9-mipsbe-20231222-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    02/02/2024, 08:34

General

  • Target

    VirusShare-11598b349fd981f7f6e4f74bbce1497c

  • Size

    1KB

  • MD5

    11598b349fd981f7f6e4f74bbce1497c

  • SHA1

    bf06d5957a2e6a265ff795d1548defa2d5adc0ae

  • SHA256

    029ec0251cb669e14f04bfc47f9edd34216abb46b4626e5eb479e21101f1d184

  • SHA512

    a46cce5b6e242c4dea3b9e6a8c10677f984d637f46c1a285a1cc4762d33ffbcfea1b0780721add9f70031cf78e5493ed870f8b927c11590919901319efbe9a06

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Writes file to system bin folder 1 TTPs 1 IoCs
  • Writes file to tmp directory 10 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/VirusShare-11598b349fd981f7f6e4f74bbce1497c
    /tmp/VirusShare-11598b349fd981f7f6e4f74bbce1497c
    1⤵
    • Writes file to tmp directory
    PID:709
    • /bin/cat
      cat
      2⤵
        PID:712
      • /usr/bin/gcc
        gcc -o /bin/rootd /tmp/rootd.c
        2⤵
        • Writes file to tmp directory
        PID:713
        • /usr/lib/gcc/mips-linux-gnu/6/cc1
          /usr/lib/gcc/mips-linux-gnu/6/cc1 -quiet -imultiarch mips-linux-gnu /tmp/rootd.c -meb -quiet -dumpbase rootd.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mips32r2 "-mabi=32" -auxbase rootd -o /tmp/cc1UVfWO.s
          3⤵
          • Writes file to tmp directory
          PID:721
        • /usr/local/sbin/as
          as -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccMI1NvU.o /tmp/cc1UVfWO.s
          3⤵
            PID:733
          • /usr/local/bin/as
            as -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccMI1NvU.o /tmp/cc1UVfWO.s
            3⤵
              PID:733
            • /usr/sbin/as
              as -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccMI1NvU.o /tmp/cc1UVfWO.s
              3⤵
                PID:733
              • /usr/bin/as
                as -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccMI1NvU.o /tmp/cc1UVfWO.s
                3⤵
                • Writes file to tmp directory
                PID:733
              • /usr/lib/gcc/mips-linux-gnu/6/collect2
                /usr/lib/gcc/mips-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cco4s3Md.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32btsmip -pie -o /bin/rootd /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/Scrt1.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/ccMI1NvU.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o
                3⤵
                • Writes file to tmp directory
                PID:734
                • /usr/bin/ld
                  /usr/bin/ld -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cco4s3Md.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32btsmip -pie -o /bin/rootd /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/Scrt1.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/ccMI1NvU.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o
                  4⤵
                  • Writes file to system bin folder
                  PID:735
            • /bin/rm
              rm -f /tmp/rootd.c
              2⤵
                PID:736
              • /bin/rootd
                /bin/rootd
                2⤵
                • Executes dropped EXE
                PID:737
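The tree above is a compile-on-host dropper: the 1KB sample writes a C source to /tmp, invokes the system gcc with its output pointed at /bin/rootd, deletes the source, then executes the freshly built binary. The block below is an added example, not part of this report or the sandbox's own detection code: it takes a list of exec events grouped by parent PID and flags any compiler run whose `-o` target is a system bin directory, recording whether the same parent later removed the source or executed the output. The event list is constructed from the PIDs and command lines in the process tree (cc1/as command lines abridged), plus one constructed benign build that must not fire; the directory sets, `Exec` record and function names are assumptions of the example.

```python
"""Detect the compile-on-host dropper chain shown in the process tree above.
Added example; SAMPLE_EVENTS is constructed from this report, not a live sensor."""
import shlex
from dataclasses import dataclass
from pathlib import PurePosixPath

# Assumed policy for the example: locations a developer build should never target.
SYSTEM_BIN_DIRS = {"/bin", "/sbin", "/usr/bin", "/usr/sbin",
                   "/usr/local/bin", "/usr/local/sbin"}
SCRATCH_DIRS = {"/tmp", "/var/tmp", "/dev/shm"}
COMPILERS = {"gcc", "cc", "g++", "c++", "clang", "clang++", "tcc"}
SOURCE_SUFFIXES = (".c", ".cc", ".cpp", ".cxx", ".s", ".S")


@dataclass
class Exec:
    pid: int
    ppid: int
    cmdline: str   # as recorded by the sensor; parsed with shlex below


def parse_compiler(argv):
    """Return (output_path, [source_paths]) if argv is a compiler run, else None.
    Handles both '-o path' and '-opath'; the compiler default output is ./a.out."""
    if not argv or PurePosixPath(argv[0]).name not in COMPILERS:
        return None
    out, sources, i = "a.out", [], 1
    while i < len(argv):
        arg = argv[i]
        if arg == "-o" and i + 1 < len(argv):
            out = argv[i + 1]
            i += 2
            continue
        if arg.startswith("-o") and len(arg) > 2:
            out = arg[2:]
        elif not arg.startswith("-") and arg.endswith(SOURCE_SUFFIXES):
            sources.append(arg)
        i += 1
    return out, sources


def parent_dir(path):
    return str(PurePosixPath(path).parent)


def find_compile_and_run(events):
    """Group execs by parent PID and report every compiler run whose output lands
    in a system bin directory, noting whether the same parent later removed the
    source or executed the output (sibling order is the sensor's exec order)."""
    by_parent = {}
    for ev in events:
        by_parent.setdefault(ev.ppid, []).append(ev)

    findings = []
    for ppid, siblings in by_parent.items():
        for idx, ev in enumerate(siblings):
            parsed = parse_compiler(shlex.split(ev.cmdline))
            if parsed is None:
                continue
            out, sources = parsed
            if parent_dir(out) not in SYSTEM_BIN_DIRS:
                continue
            later = [a for a in (shlex.split(s.cmdline) for s in siblings[idx + 1:]) if a]
            removed = any(PurePosixPath(a[0]).name == "rm"
                          and any(src in a for src in sources) for a in later)
            executed = any(a[0] == out for a in later)
            findings.append({
                "parent_pid": ppid,
                "compiler_pid": ev.pid,
                "output": out,
                "sources": sources,
                "source_in_scratch": any(parent_dir(s) in SCRATCH_DIRS for s in sources),
                "source_removed": removed,
                "output_executed": executed,
            })
    return findings


# Constructed from the process tree in this report (PIDs and command lines as
# listed; the cc1 and as lines are abridged). The last event is a constructed
# benign developer build that stays out of /bin and must not be flagged.
SAMPLE_EVENTS = [
    Exec(709, 1, "/tmp/VirusShare-11598b349fd981f7f6e4f74bbce1497c"),
    Exec(712, 709, "cat"),
    Exec(713, 709, "gcc -o /bin/rootd /tmp/rootd.c"),
    Exec(721, 713, "/usr/lib/gcc/mips-linux-gnu/6/cc1 -quiet /tmp/rootd.c -o /tmp/cc1UVfWO.s"),
    Exec(733, 713, "as -EB -mips32r2 -o /tmp/ccMI1NvU.o /tmp/cc1UVfWO.s"),
    Exec(736, 709, "rm -f /tmp/rootd.c"),
    Exec(737, 709, "/bin/rootd"),
    Exec(800, 1, "gcc -O2 -o /home/dev/build/tool /home/dev/src/tool.c"),
]

if __name__ == "__main__":
    for finding in find_compile_and_run(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events this yields a single finding for parent 709 with output /bin/rootd, source /tmp/rootd.c in a scratch directory, source removed and output executed; the developer build under /home is ignored. On a real host the same logic applies to auditd or eBPF execve records, and the three fields at the end are what separate a stray build from this dropper: a compile into /bin alone is unusual, the source being deleted and the result run by the same parent is the chain to alert on.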

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /bin/rootd
    • Filesize
      9KB
    • MD5
      d0ad1bee51904a5aa745c17226b21f2c
    • SHA1
      efed588d17fd10cf4d8342056bd4a8c647ef6108
    • SHA256
      b7841aa4b3ef1096461921c7168f229b5c1c5497ed2148b8e9bb8a654801f096
    • SHA512
      bb0f5f21bfb38a73c759427d67fb385187d620de0984cd5b99fdc5374816530dd4883b250189a0c9af67d2e58622098afc6530d97520db8ee14e366a9da79639

  • /tmp/ccMI1NvU.o
    • Filesize
      3KB
    • MD5
      334a1f1161e719ef557d95c86f0622d5
    • SHA1
      b105f71a9ccf25b0dbbb280444c1e311449a01e8
    • SHA256
      20db630056927d8129331239ddf881d5db5ab378e49c81696d65b7ff57bd681c
    • SHA512
      f0d762056cddc7ed9fa85ad01cced694c5bf6937041cc362706484f1e688ab8fb717174d12e4cfcd034842b84e6fc1e27262dadd9ae87b649fbdcace7c1904c0

  • /tmp/rootd.c
    • Filesize
      1KB
    • MD5
      97dc1b65867abf726e95dc5c3908d8a3
    • SHA1
      d390ffa04d7011d9e967e889a1478ed4b6da02d2
    • SHA256
      17ee614db2950a3246893aa07b5dfbf3ee8b86bad0657138acb8d6e96521eb9d
    • SHA512
      5745909f503bd7170399924e2e3cafa87f83b611c0f5ae7db8df37530e4c77491d35f9c5fd7c8fde848aeb5f0e2a21027daa8bb8236b1ed27dd4999f9fe398b3