Analysis
- max time kernel: 150s
- max time network: 156s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20240226-en
- resource tags: arch:mipsel, image:debian9-mipsel-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 02/08/2024, 03:41

Static task: static1
Behavioral task: behavioral1
Sample: 45.66.231.148-mipsel-2024-08-02T060058.elf
Resource: debian9-mipsel-20240226-en
General
- Target: 45.66.231.148-mipsel-2024-08-02T060058.elf
- Size: 77KB
- MD5: de45d4420935c481fadb2f63abcc6fd9
- SHA1: 2167f9a78319d70f57f171586b39e03129b976c0
- SHA256: 64cbfeed9cb6df41c72279051cc2d319f37f2e899aaec37a4ec2d8fdbe424f6b
- SHA512: 120f086312030ce1ac343b9e861d87f962efe136fb422a5c343042a30e8eb4b8d74e456b16296810486c24434b9049e852054fc32a7e9dce935821e781ca1ca2
- SSDEEP: 1536:4eTY2/ZAXNNlhz4PO16wqOXmTZbOCWdmvnB:N/ZAXLl+PTQoCSB
Malware Config
Signatures
- Contacts a large (22553) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Deletes itself (1 IoCs)
  pid 709
- Enumerates running processes
  Discovers information about currently running processes on the system
- Changes its process name (1 IoCs)
  Changes the process name, possibly in an attempt to hide itself (pid 709)
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.