Analysis
max time kernel: 150s
max time network: 152s
platform: debian-12_mipsel
resource: debian12-mipsel-20240221-en
resource tags: arch:mipsel image:debian12-mipsel-20240221-en kernel:6.1.0-17-4kc-malta locale:en-us os:debian-12-mipsel system
submitted: 22-02-2024 02:44
Static task: static1
Behavioral task: behavioral1
Sample: la.bot.mipsel
Resource: debian12-mipsel-20240221-en
debian-12-mipsel
5 signatures
150 seconds
General
Target: la.bot.mipsel
Size: 52KB
MD5: 1101450efaf38ff4ad2c6d62f00485bc
SHA1: ec20b9a78ab480b250382bb0cbe9240e2ba5aeff
SHA256: e23b734498a71d07b8750c89f9513c025aee64a160d26f26c186aa225ad1d917
SHA512: 3b9100b3ba72e93f2345ad6cc57ea658084649de0d903b810e7cd7e2b277df9b1d8ae9f9e81349a023bb2f454311d26607926e5b58967bb85712c2f18c241c86
SSDEEP: 768:ci062+AQbddPp4Rk48TierNeuk+jSBVuKZXiKAQ7ncJ:c4EQrKRk49iNdk+jSBIK17G
Score: 7/10
Malware Config
Signatures
Changes its process name 2 IoCs
Changes the process name, possibly in an attempt to hide itself
ioc: n, pid: 723, process: la.bot.mipsel
ioc: (empty), pid: 723, process: la.bot.mipsel
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
File opened for reading: /proc/net/tcp
Enumerates running processes
Discovers information about currently running processes on the system
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
File opened for reading: /proc/net/tcp
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.