f2c832b5aeb16ec1353b578f15c4ea723f3f7b950f2e94ef9cb2514941a1f85b

Analysis

max time kernel
139s
max time network
150s
platform
debian-9_mips
resource
debian9-mipsbe-20240418-en
resource tags

arch:mipsimage:debian9-mipsbe-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
22/08/2024, 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f2c832b5aeb16ec1353b578f15c4ea723f3f7b950f2e94ef9cb2514941a1f85b.elf
Size

91KB
MD5

4c145f3a4f70062e99d8dbb5cbd532c1
SHA1

75f6a59d771d0e3e20c8b3a429954195995d19ab
SHA256

f2c832b5aeb16ec1353b578f15c4ea723f3f7b950f2e94ef9cb2514941a1f85b
SHA512

4626dd9a0bbedc510dd1062e49d6aeef8a61f0252371afdca87dc1d8e710ea2b2f3a6bd1cbf729f7c29c465fed230ca7c9970c2d9c6b353fe01b3233cae584d4
SSDEEP

1536:aE2c8jcS2+SfGXNPMtQKhLKh4OhN+fcLLOkibZeb4MFvuJFre:dVS2XfG9PMtHcLLOHbmvuby

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (68043) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Renames itself 1 IoCs

pid	Process
728	f2c832b5aeb16ec1353b578f15c4ea723f3f7b950f2e94ef9cb2514941a1f85b.elf

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	80.152.203.134
Destination IP	185.181.61.24
Destination IP	178.254.22.166
Destination IP	64.176.6.48

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/bin/sh /etc/init.d/rcS	728	f2c832b5aeb16ec1353b578f15c4ea723f3f7b950f2e94ef9cb2514941a1f85b.elf

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/mounts	f2c832b5aeb16ec1353b578f15c4ea723f3f7b950f2e94ef9cb2514941a1f85b.elf

/tmp/f2c832b5aeb16ec1353b578f15c4ea723f3f7b950f2e94ef9cb2514941a1f85b.elf
/tmp/f2c832b5aeb16ec1353b578f15c4ea723f3f7b950f2e94ef9cb2514941a1f85b.elf
1⤵
- Renames itself
- Changes its process name
- Reads runtime system information
PID:728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...