Analysis
max time kernel: 149s
max time network: 149s
platform: debian-9_mips
resource: debian9-mipsbe-20240418-en
resource tags: arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
submitted: 06/10/2024, 09:44
Behavioral task: behavioral1
Sample: bot.mips.elf
Resource: debian9-mipsbe-20240418-en
4 signatures
150 seconds
General
Target: bot.mips.elf
Size: 169KB
MD5: 72440eee8c68697534770929f17d6e9c
SHA1: 6cac8e7835026a8c3be56d8787e808fbc45c2a22
SHA256: 2aad3d382c775327e79be4d3c65beee14c5040f0b6d7b4ee0f985c65f1546d9a
SHA512: 6e1af9a89f5dd7fe9e159636fd021838b29db6b7a7e10bbb256295d0f0f6dca06534a4a836d49e24fbfa99dea1240298141f0b409c7175ee9c6ab5945d73b680
SSDEEP: 1536:Cl2JvnXPvLCQuchMJdDNsCK9H1R8cA2iQembSM+xV7TfF+hPyO0Hb/zPt/Y:Cgv/IcwZsCK9VRhAX+bShFSP0HbbPlY
Score
6/10
Malware Config
Signatures
Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name (1 IoCs)
description: Changes the process name, possibly in an attempt to hide itself
ioc: a- M"!
pid: 738
Process: bot.mips.elf
System Network Configuration Discovery 1 TTPs 1 IoCs
Adversaries may gather information about the network configuration of a system.
pid: 738
Process: bot.mips.elf