74626b340189fa80010c700c79d539138f510f90a280fce23de0a9b3f0bf6e3d

Analysis

max time kernel
151s
max time network
154s
platform
debian-9_mips
resource
debian9-mipsbe-20231215-en
resource tags

arch:mipsimage:debian9-mipsbe-20231215-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
13/02/2024, 02:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

74626b340189fa80010c700c79d539138f510f90a280fce23de0a9b3f0bf6e3d.elf
Size

185KB
MD5

097bf7eb4db111a245b54e68255da79a
SHA1

02031ab02327b7db93ff9232abf32161972b49a7
SHA256

74626b340189fa80010c700c79d539138f510f90a280fce23de0a9b3f0bf6e3d
SHA512

71a935acc62e126c460f18b9eef1e2d71785058f009e6213a66c7f420969967baf1a85028b28b7f346dab55b4d84db3fe9f0b36f4159390625b2708fbd7b60aa
SSDEEP

3072:/lWc+jHj7q6czWDzY6Grl1zpQidrO9FFRwu81FMHJ:/sc+m6ca5YlleiVO95wugFwJ

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (69510) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	#1,&	709	74626b340189fa80010c700c79d539138f510f90a280fce23de0a9b3f0bf6e3d.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/72/cmdline
File opened for reading	/proc/167/cmdline
File opened for reading	/proc/716/cmdline
File opened for reading	/proc/726/cmdline
File opened for reading	/proc/761/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/715/cmdline
File opened for reading	/proc/730/cmdline
File opened for reading	/proc/745/cmdline
File opened for reading	/proc/748/cmdline
File opened for reading	/proc/753/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/514/cmdline
File opened for reading	/proc/564/cmdline
File opened for reading	/proc/725/cmdline
File opened for reading	/proc/151/cmdline
File opened for reading	/proc/322/cmdline
File opened for reading	/proc/757/cmdline
File opened for reading	/proc/69/cmdline
File opened for reading	/proc/114/cmdline
File opened for reading	/proc/729/cmdline
File opened for reading	/proc/772/cmdline
File opened for reading	/proc/777/cmdline
File opened for reading	/proc/762/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/18/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/79/cmdline
File opened for reading	/proc/696/cmdline
File opened for reading	/proc/703/cmdline
File opened for reading	/proc/699/cmdline
File opened for reading	/proc/711/cmdline
File opened for reading	/proc/721/cmdline
File opened for reading	/proc/754/cmdline
File opened for reading	/proc/778/cmdline
File opened for reading	/proc/12/cmdline
File opened for reading	/proc/381/cmdline
File opened for reading	/proc/693/cmdline
File opened for reading	/proc/694/cmdline
File opened for reading	/proc/738/cmdline
File opened for reading	/proc/764/cmdline
File opened for reading	/proc/146/cmdline
File opened for reading	/proc/528/cmdline
File opened for reading	/proc/11/cmdline
File opened for reading	/proc/723/cmdline
File opened for reading	/proc/744/cmdline
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/73/cmdline
File opened for reading	/proc/731/cmdline
File opened for reading	/proc/769/cmdline
File opened for reading	/proc/773/cmdline
File opened for reading	/proc/13/cmdline
File opened for reading	/proc/115/cmdline
File opened for reading	/proc/4/cmdline
File opened for reading	/proc/372/cmdline
File opened for reading	/proc/774/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/320/cmdline
File opened for reading	/proc/776/cmdline
File opened for reading	/proc/77/cmdline
File opened for reading	/proc/324/cmdline
File opened for reading	/proc/724/cmdline

/tmp/74626b340189fa80010c700c79d539138f510f90a280fce23de0a9b3f0bf6e3d.elf
/tmp/74626b340189fa80010c700c79d539138f510f90a280fce23de0a9b3f0bf6e3d.elf
1⤵
- Changes its process name
PID:709

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads