Analysis

max time kernel: 149s
max time network: 96s
platform: debian-9_mipsel
resource: debian9-mipsel-20240611-en
resource tags: arch:mipsel, image:debian9-mipsel-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 31/10/2024, 03:49
Behavioral task: behavioral1
Sample: c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf
Resource: debian9-mipsel-20240611-en
General

Target: c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf
Size: 2.8MB
MD5: e5db83e5666f177068d2cfed20365dae
SHA1: 9081937aa3ac53b53bbf436e1bb26d8d3cda3508
SHA256: c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30
SHA512: b1be3ea94b3a7c9178ceded08942d128f462a3ad1e79f8c84c472eaab6c60d0f62d92cfc364807a919bf67b066d259bdf445ca9573dd6647bbf251cb64225365
SSDEEP: 49152:7H+ggcr5hrs4jOqmlZko3QemMzIOi48FMOfl5CTyxWLg:7GcLrpjalZdCMb1GfnxxWs
Malware Config
Signatures

Virtualization/Sandbox Evasion: Time Based Evasion (1 TTPs, 1 IoCs)
Adversaries may detect and evade virtualized environments and sandboxes.
    pid 736  process: uptime

Reads CPU attributes (1 TTPs, 1 IoCs)
    File opened for reading: /sys/devices/system/cpu/online  process: uptime

Reads system network configuration (1 TTPs, 6 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
    File opened for reading: /proc/net/dev  process: cat  (6 identical entries, one per cat child in the process tree below; the pipelines extract fields 2 and 10 of the enp0s19 line, the receive and transmit byte counters)

Enumerates kernel/hardware configuration (1 TTPs, 1 IoCs)
Reads contents of /sys virtual filesystem to enumerate system information.
    File opened for reading: /sys/kernel/mm/transparent_hugepage/hpage_pmd_size  process: c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf

Reads runtime system information (heading missing from the extracted page; these rows carry the tag shown on uptime, awk and the sample in the process tree)
    File opened for reading: /proc/sys/kernel/osrelease  process: uptime
    File opened for reading: /proc/uptime  process: uptime
    File opened for reading: /proc/self/maps  process: awk
    File opened for reading: /proc/self/maps  process: awk
    File opened for reading: /proc/self/exe  process: c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf
    File opened for reading: /proc/loadavg  process: uptime
    File opened for reading: /proc/self/maps  process: awk
    File opened for reading: /proc/self/maps  process: awk
    File opened for reading: /proc/self/maps  process: awk
    File opened for reading: /proc/self/maps  process: awk
    File opened for reading: /proc/filesystems  process: uptime
Processes

Indentation shows the parent/child depth the report marks with 1⤵, 2⤵ and 3⤵.

/tmp/c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf  (PID 707)
    cmdline: /tmp/c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf
    - Enumerates kernel/hardware configuration
    - Reads runtime system information

    /bin/bash  (PID 736)
        cmdline: /bin/bash -c uptime

    /usr/bin/uptime  (PID 736; same PID as the bash above, since bash -c with a single command execs it in place)
        cmdline: uptime
        - Virtualization/Sandbox Evasion: Time Based Evasion
        - Reads CPU attributes
        - Reads runtime system information

    /bin/bash  (PID 739)
        cmdline: bash -c "cat /proc/net/dev |grep enp0s19 |awk '{print \$2}'"
        /bin/cat  (PID 741)
            cmdline: cat /proc/net/dev
            - Reads system network configuration
        /bin/grep  (PID 742)
            cmdline: grep enp0s19
        /usr/bin/awk  (PID 743)
            cmdline: awk "{print \$2}"
            - Reads runtime system information

    /bin/bash  (PID 746)
        cmdline: bash -c "cat /proc/net/dev |grep enp0s19 |awk '{print \$10}'"
        /bin/cat  (PID 747)
            cmdline: cat /proc/net/dev
            - Reads system network configuration
        /bin/grep  (PID 748)
            cmdline: grep enp0s19
        /usr/bin/awk  (PID 749)
            cmdline: awk "{print \$10}"
            - Reads runtime system information

    /bin/bash  (PID 830)
        cmdline: bash -c "cat /proc/net/dev |grep enp0s19 |awk '{print \$2}'"
        /bin/cat  (PID 831)
            cmdline: cat /proc/net/dev
            - Reads system network configuration
        /bin/grep  (PID 832)
            cmdline: grep enp0s19
        /usr/bin/awk  (PID 833)
            cmdline: awk "{print \$2}"
            - Reads runtime system information

    /bin/bash  (PID 834)
        cmdline: bash -c "cat /proc/net/dev |grep enp0s19 |awk '{print \$10}'"
        /bin/cat  (PID 835)
            cmdline: cat /proc/net/dev
            - Reads system network configuration
        /bin/grep  (PID 836)
            cmdline: grep enp0s19
        /usr/bin/awk  (PID 837)
            cmdline: awk "{print \$10}"
            - Reads runtime system information

    /bin/bash  (PID 838)
        cmdline: bash -c "cat /proc/net/dev |grep enp0s19 |awk '{print \$2}'"
        /bin/cat  (PID 839)
            cmdline: cat /proc/net/dev
            - Reads system network configuration
        /bin/grep  (PID 840)
            cmdline: grep enp0s19
        /usr/bin/awk  (PID 841)
            cmdline: awk "{print \$2}"
            - Reads runtime system information

    /bin/bash  (PID 842)
        cmdline: bash -c "cat /proc/net/dev |grep enp0s19 |awk '{print \$10}'"
        /bin/grep  (PID 844)
            cmdline: grep enp0s19
        /bin/cat  (PID 843)
            cmdline: cat /proc/net/dev
            - Reads system network configuration
        /usr/bin/awk  (PID 845)
            cmdline: awk "{print \$10}"
            - Reads runtime system information