Analysis
- max time kernel: 150s
- max time network: 151s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20231222-en
- resource tags: arch:mipsel, image:debian9-mipsel-20231222-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 13/02/2024, 03:01
Static task: static1
Behavioral task: behavioral1
Sample: 43de8954d7ea284fdb7fe1b2b7940d99ff062cf3376ce64a553f418361db2f16.elf
Resource: debian9-mipsel-20231222-en
General
- Target: 43de8954d7ea284fdb7fe1b2b7940d99ff062cf3376ce64a553f418361db2f16.elf
- Size: 90KB
- MD5: 30b4817e9570d87a0fe83fd480795477
- SHA1: 853b6e09b63b9b37112038fdd37dac2cb71cd62f
- SHA256: 43de8954d7ea284fdb7fe1b2b7940d99ff062cf3376ce64a553f418361db2f16
- SHA512: 4b49c97b63ce1f79fe837ad814df460e4519b11ee66e1e68c01c743e9ca6ea0b6180b4491f0a08a9394c925f86a681ad9734d1fa38fedd8750c0116d702bbfdc
- SSDEEP: 1536:heT0Mh08tVT/43Rhu8WyVrUQCZFpQtbSTH/ARL/G:ZMDyrUQCZ
Malware Config
Signatures
- Contacts a large (46545) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.