Analysis
-
max time kernel
124s -
max time network
158s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
06-07-2024 14:02
Behavioral task
behavioral1
Sample
5cc75a2f68170f6c97c6760a75162b38.elf
Resource
debian9-mipsbe-20240611-en
General
-
Target
5cc75a2f68170f6c97c6760a75162b38.elf
-
Size
193KB
-
MD5
5cc75a2f68170f6c97c6760a75162b38
-
SHA1
af525c11b74d82615db1774d85b2f844d2cddad9
-
SHA256
c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb
-
SHA512
b9af17d83c5857801cc8dca912db6b005c63d2b6fdb5d8b11e8340d60162808c942a041a7db4787a20c85f7762897c6fae0f2c1fc2a9a83afcf63382a489fb28
-
SSDEEP
3072:jf7iWCJ/Y9UvxLQyrCf2RG4hrNWlqmOUUH5Msqc:jf7vCJ/rQjmpBMl6Uo5M9c
Malware Config
Signatures
-
Contacts a large (49902) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
Processes:
5cc75a2f68170f6c97c6760a75162b38.elf
description: Changes the process name, possibly in an attempt to hide itself
ioc: )5+
pid: 711
process: 5cc75a2f68170f6c97c6760a75162b38.elf
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.