Analysis
-
max time kernel
600s -
max time network
604s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240221-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240221-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
25/02/2024, 11:08
Static task
static1
Behavioral task
behavioral1
Sample
mips
Resource
debian9-mipsbe-20240221-en
debian-9-mips
9 signatures
600 seconds
General
-
Target
mips
-
Size
78KB
-
MD5
1b4b83f0de87d0e9865705bf5dae9443
-
SHA1
b3561cbde2e244310c1fd447a64382dca120dfac
-
SHA256
7fcbcb420b7e56468fb7bf1e1f47ada2c0e723a826455b7241c81856dae0d89d
-
SHA512
e98eebcdd10177a86393398115bc1b901219e5834ddef7dd40f45ebe1b76ad20f537dac9757f0b4e690a6eb48a164e03aa1839cac9fe31c88f718df8975a9d5a
-
SSDEEP
1536:00jHUXUWpp7C95+pkuAnfngunIfn6CFfn3qx+HX53pSh/VnI8sRX:00UpppC5juAnfn9cQZVnI9
Score
9/10
Malware Config
Signatures
-
Contacts a large (132539) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
description pid Process Changes the process name, possibly in an attempt to hide itself 691 mips -
Renames itself 1 IoCs
pid Process 691 mips -
Unexpected DNS network traffic destination 64 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description ioc Destination IP 38.103.195.4 Destination IP 103.1.206.179 Destination IP 217.160.70.42 Destination IP 94.16.114.254 Destination IP 51.254.162.59 Destination IP 195.10.195.195 Destination IP 63.231.92.27 Destination IP 130.61.64.122 Destination IP 217.160.70.42 Destination IP 192.3.165.37 Destination IP 192.3.165.37 Destination IP 64.176.6.48 Destination IP 54.36.111.116 Destination IP 37.252.191.197 Destination IP 80.152.203.134 Destination IP 94.16.114.254 Destination IP 88.198.92.222 Destination IP 168.138.8.38 Destination IP 70.34.254.19 Destination IP 45.84.1.149 Destination IP 88.198.92.222 Destination IP 63.231.92.27 Destination IP 35.211.96.150 Destination IP 217.160.70.42 Destination IP 94.16.114.254 Destination IP 134.195.4.2 Destination IP 94.16.114.254 Destination IP 81.169.136.222 Destination IP 37.252.191.197 Destination IP 168.235.111.72 Destination IP 35.211.96.150 Destination IP 51.254.162.59 Destination IP 35.211.96.150 Destination IP 185.84.81.194 Destination IP 51.254.162.59 Destination IP 168.138.8.38 Destination IP 139.84.165.176 Destination IP 217.160.70.42 Destination IP 64.176.6.48 Destination IP 185.84.81.194 Destination IP 192.71.166.92 Destination IP 217.160.70.42 Destination IP 70.34.254.19 Destination IP 185.232.68.212 Destination IP 168.235.111.72 Destination IP 5.161.109.23 Destination IP 130.61.64.122 Destination IP 64.176.6.48 Destination IP 168.138.8.38 Destination IP 139.84.165.176 Destination IP 185.181.61.24 Destination IP 70.34.254.19 Destination IP 185.181.61.24 Destination IP 168.138.12.137 Destination IP 217.160.70.42 Destination IP 81.169.136.222 Destination IP 192.71.166.92 Destination IP 103.1.206.179 Destination IP 103.1.206.179 Destination IP 37.252.191.197 Destination IP 81.169.136.222 Destination IP 54.36.111.116 Destination IP 134.195.4.2 Destination IP 195.10.195.195 -
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
description ioc File opened for reading /proc/net/tcp -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description ioc File opened for reading /proc/net/tcp -
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/736/cmdline File opened for reading /proc/738/cmdline File opened for reading /proc/757/cmdline File opened for reading /proc/804/maps File opened for reading /proc/713/maps File opened for reading /proc/772/cmdline File opened for reading /proc/791/maps File opened for reading /proc/392/status File opened for reading /proc/706/maps File opened for reading /proc/724/cmdline File opened for reading /proc/733/maps File opened for reading /proc/739/cmdline File opened for reading /proc/797/maps File opened for reading /proc/716/maps File opened for reading /proc/789/cmdline File opened for reading /proc/796/maps File opened for reading /proc/748/cmdline File opened for reading /proc/166/status File opened for reading /proc/684/status File opened for reading /proc/726/maps File opened for reading /proc/752/cmdline File opened for reading /proc/795/maps File opened for reading /proc/756/maps File opened for reading /proc/656/status File opened for reading /proc/686/status File opened for reading /proc/719/maps File opened for reading /proc/725/cmdline File opened for reading /proc/737/cmdline File opened for reading /proc/753/maps File opened for reading /proc/754/maps File opened for reading /proc/763/maps File opened for reading /proc/791/cmdline File opened for reading /proc/244/status File opened for reading /proc/390/status File opened for reading /proc/799/cmdline File opened for reading /proc/742/cmdline File opened for reading /proc/743/cmdline File opened for reading /proc/755/maps File opened for reading /proc/770/maps File opened for reading /proc/784/maps File opened for reading /proc/805/maps File opened for reading /proc/708/maps File opened for reading /proc/709/maps File opened for reading /proc/724/maps File opened for reading /proc/728/maps File opened for reading /proc/786/maps File opened for reading /proc/779/cmdline File opened for reading /proc/741/cmdline File opened for reading /proc/780/cmdline File opened for reading /proc/710/cmdline File opened for reading /proc/747/cmdline File opened for reading /proc/763/cmdline File opened for reading /proc/790/cmdline File opened for reading /proc/706/cmdline File opened for reading /proc/740/cmdline File opened for reading /proc/744/maps File opened for reading /proc/756/cmdline File opened for reading /proc/789/maps File opened for reading /proc/669/status File opened for reading /proc/719/cmdline File opened for reading /proc/732/cmdline File opened for reading /proc/737/maps File opened for reading /proc/777/cmdline File opened for reading /proc/715/cmdline