ea0d3d26968d03d831e8d87c9a078540cdd56784492e4871fc0550e681319c1e

Analysis

max time kernel
150s
max time network
147s
platform
debian-9_mips
resource
debian9-mipsbe-20240226-en
resource tags

arch:mipsimage:debian9-mipsbe-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
09/04/2024, 12:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ac7cbd47c811bab61a2bf6344b6f6692.elf
Size

913KB
MD5

ac7cbd47c811bab61a2bf6344b6f6692
SHA1

ac41e31cd41ee5aaa45a98e9ec11ad1d41c1e1cc
SHA256

ea0d3d26968d03d831e8d87c9a078540cdd56784492e4871fc0550e681319c1e
SHA512

6a11c779675b751670166b20781e6bbd9c22124e4907c9a8f5abdec23da85c3a61915f241c8bcd0f7135caa57a8a6f8622d1a296a591115ce4a73ac01be8dc2b
SSDEEP

24576:T8InNGiNY4kl6dP2w6U/G+3xnNzIMk2lcigFaj:v04a6dew6U/R3xVLk2WLFaj

Score

7^/10

evasion

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
711	ac7cbd47c811bab61a2bf6344b6f6692.elf

Executes dropped EXE 1 IoCs

ioc	pid	Process
/tmp/uwie4nb988k7f2884f2/0g871vd2kmlboq8b6e05edb	712	0g871vd2kmlboq8b6e05edb

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

description	ioc	Process
File opened for modification	/etc/resolv.conf	ac7cbd47c811bab61a2bf6344b6f6692.elf

Reads MAC address of network interface 2 TTPs 2 IoCs

Fetches the MAC address of active network interfaces. May be used to detect known values for hypervisors.

evasion

System Network Configuration Discovery

T1016

System Network Connections Discovery

T1049

description	ioc	Process
File opened for reading	/sys/class/net/enp0s19/address	0g871vd2kmlboq8b6e05edb
File opened for reading	/sys/class/net/enp0s19/address	Process not Found

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/self/comm	ac7cbd47c811bab61a2bf6344b6f6692.elf

Writes file to tmp directory 4 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/uwie4nb988k7f2884f2/libc.so.0	ac7cbd47c811bab61a2bf6344b6f6692.elf
File opened for modification	/tmp/uwie4nb988k7f2884f2/ld-uClibc.so.1	ac7cbd47c811bab61a2bf6344b6f6692.elf
File opened for modification	/tmp/uwie4nb988k7f2884f2/0g871vd2kmlboq8b6e05edb	ac7cbd47c811bab61a2bf6344b6f6692.elf
File opened for modification	/tmp/uwie4nb988k7f2884f2	0g871vd2kmlboq8b6e05edb

/tmp/ac7cbd47c811bab61a2bf6344b6f6692.elf
/tmp/ac7cbd47c811bab61a2bf6344b6f6692.elf
1⤵
- Deletes itself
- Writes DNS configuration
- Reads runtime system information
- Writes file to tmp directory
PID:711
- /tmp/uwie4nb988k7f2884f2/0g871vd2kmlboq8b6e05edb
  2⤵
  - Executes dropped EXE
  - Reads MAC address of network interface
  - Writes file to tmp directory
  PID:712
- /bin/sh
  /bin/sh -c "cp -f /tmp/ac7cbd47c811bab61a2bf6344b6f6692.elf /etc/init.d/ > /dev/null 2>&1"
  2⤵
  PID:713
- - /bin/cp
    cp -f /tmp/ac7cbd47c811bab61a2bf6344b6f6692.elf /etc/init.d/
    3⤵
    - Reads runtime system information
    PID:715

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

System Network Connections Discovery

T1049

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/uwie4nb988k7f2884f2/0g871vd2kmlboq8b6e05edb

Filesize
221KB

MD5
a2a3b869c794effa186f2505be0badb3

SHA1
f697370323e310db4e8659a7094a0f48923b859f

SHA256
f094c6fa612ead1aa51f1780e0f0b42783e919f3d80fa8d664248b68c79bddf6

SHA512
27825f314126b80a6c57340ee9be9afd6107f9ff03efd8bd72a62e096b8a3141e781c80f2e90d03acce5047d1c4e96ee15e98fc0041e2fb533da06146646142d

Download Submit
/tmp/uwie4nb988k7f2884f2/ld-uClibc.so.1

Filesize
34KB

MD5
ac7ac012b52a4e79858b13d086f7e33f

SHA1
21352b21216ba66f2d605c08db08532bb3fab8c9

SHA256
2d31b1955f5558007c5df752e4c4556c91baa4bede2222853cc234a1e6fc6442

SHA512
9436dfb60f37de9b2cb18e51ba3b853a350ba2ff5e41bce7763abcf0d410cbaae4a4a41d09d1682185f31e22dd52738907b0cae26e5dee0cc3b3ead2cff0d13d

Download Submit
/tmp/uwie4nb988k7f2884f2/libc.so.0

Filesize
620KB

MD5
f0fe9684f81a3a1ecb8920dbb6eba943

SHA1
12c276d10c9154a04b9948ae0ce5669621cdf3df

SHA256
611ea6e33eccaf409d93a7648d766ad47a75eb16a9ac42c9a5dc0050a21ec4b3

SHA512
666932b65fbcd52fcd154e855e1a2ad1057e44167504b71d45bc3f3f537165c094126b6feca34813b59c5e13a00c194a33a93fd3d6e36f5f97a886a52e418329

Download Submit