Analysis
- max time kernel: 150s
- max time network: 154s
- platform: debian-9_mips
- resource: debian9-mipsbe-20240611-en
- resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 08-07-2024 03:21
Behavioral task: behavioral1
Sample: c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
Resource: debian9-mipsbe-20240611-en
General
- Target: c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
- Size: 193KB
- MD5: 5cc75a2f68170f6c97c6760a75162b38
- SHA1: af525c11b74d82615db1774d85b2f844d2cddad9
- SHA256: c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb
- SHA512: b9af17d83c5857801cc8dca912db6b005c63d2b6fdb5d8b11e8340d60162808c942a041a7db4787a20c85f7762897c6fae0f2c1fc2a9a83afcf63382a489fb28
- SSDEEP: 3072:jf7iWCJ/Y9UvxLQyrCf2RG4hrNWlqmOUUH5Msqc:jf7vCJ/rQjmpBMl6Uo5M9c
Malware Config
Signatures
-
Contacts a large (72159) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
Processes:
c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
description: Changes the process name, possibly in an attempt to hide itself
ioc: )5+
pid: 707
process: c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.