Analysis Overview
SHA256
a1da53cd71a52c9ad1e42f19b8a7c24335fb22c0e3eef5d7b91a5919bc24612e
Threat Level: Likely benign
The file mips.elf was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Reads system network configuration
Checks CPU configuration
Reads CPU attributes
Reads runtime system information
System Network Configuration Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-28 18:23
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-28 18:23
Reported
2024-10-28 18:25
Platform
debian12-mipsel-20240221-en
Max time kernel
152s
Max time network
164s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /tmp/mips.elf | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /tmp/mips.elf | N/A |
Reads system network configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/net/dev | /tmp/mips.elf | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/stat | /tmp/mips.elf | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/sed | N/A |
| N/A | N/A | /bin/sh | N/A |
| N/A | N/A | /tmp/mips.elf | N/A |
| N/A | N/A | /bin/sh | N/A |
| N/A | N/A | /bin/sh | N/A |
| N/A | N/A | /usr/bin/sed | N/A |
| N/A | N/A | /usr/bin/sed | N/A |
| N/A | N/A | /bin/sh | N/A |
| N/A | N/A | /usr/bin/sed | N/A |
Processes
/tmp/mips.elf
[/tmp/mips.elf]
/bin/sh
[sh -c sed -i -e '/exit/d' /etc/rc.local]
/usr/bin/sed
[sed -i -e /exit/d /etc/rc.local]
/bin/sh
[sh -c sed -i -e '/^ | | $/d' /etc/rc.local]
/usr/bin/sed
[sed -i -e /^ | | $/d /etc/rc.local]
/bin/sh
[sh -c sed -i -e '/mips.elf reboot/d' /etc/rc.local]
/usr/bin/sed
[sed -i -e /mips.elf reboot/d /etc/rc.local]
/bin/sh
[sh -c sed -i -e '2 i/tmp/mips.elf reboot' /etc/rc.local]
/usr/bin/sed
[sed -i -e 2 i/tmp/mips.elf reboot /etc/rc.local]
/bin/sh
[sh -c sed -i -e '2 i/tmp/mips.elf reboot start' /etc/rc.d/rc.local]
/usr/bin/sed
[sed -i -e 2 i/tmp/mips.elf reboot start /etc/rc.d/rc.local]
/bin/sh
[sh -c sed -i -e '2 i/tmp/mips.elf reboot start' /etc/init.d/boot.local]
/usr/bin/sed
[sed -i -e 2 i/tmp/mips.elf reboot start /etc/init.d/boot.local]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-0 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-0 | udp |
| CN | 47.98.247.119:48083 | tcp | |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-0 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-0 | udp |
| CN | 47.98.247.119:48083 | tcp | |
| CN | 47.98.247.119:48083 | tcp | |
| CN | 47.98.247.119:48083 | tcp | |
| CN | 47.98.247.119:48083 | tcp | |
| CN | 47.98.247.119:48083 | tcp |
Files
memory/742-1-0x00400000-0x004dbd44-memory.dmp