Analysis

  • max time kernel
    149s
  • max time network
    96s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240611-en
  • resource tags

    arch:mipsel
    image:debian9-mipsel-20240611-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mipsel
    system
  • submitted
    31/10/2024, 03:49

General

  • Target

    c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf

  • Size

    2.8MB

  • MD5

    e5db83e5666f177068d2cfed20365dae

  • SHA1

    9081937aa3ac53b53bbf436e1bb26d8d3cda3508

  • SHA256

    c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30

  • SHA512

    b1be3ea94b3a7c9178ceded08942d128f462a3ad1e79f8c84c472eaab6c60d0f62d92cfc364807a919bf67b066d259bdf445ca9573dd6647bbf251cb64225365

  • SSDEEP

    49152:7H+ggcr5hrs4jOqmlZko3QemMzIOi48FMOfl5CTyxWLg:7GcLrpjalZdCMb1GfnxxWs

Malware Config

Signatures

  • Virtualization/Sandbox Evasion: Time Based Evasion 1 TTPs 1 IoCs

    Adversaries may detect and evade virtualized environments and sandboxes.

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads system network configuration 1 TTPs 6 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 11 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf
    /tmp/c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf
    1⤵
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:707
    • /bin/bash
      /bin/bash -c uptime
      2⤵
      PID:736
    • /usr/bin/uptime
      uptime
      2⤵
      • Virtualization/Sandbox Evasion: Time Based Evasion
      • Reads CPU attributes
      • Reads runtime system information
      PID:736
    • /bin/bash
      bash -c "cat /proc/net/dev |grep enp0s19 |awk '{print \$2}'"
      2⤵
      PID:739
      • /bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:741
      • /bin/grep
        grep enp0s19
        3⤵
        PID:742
      • /usr/bin/awk
        awk "{print \$2}"
        3⤵
        • Reads runtime system information
        PID:743
    • /bin/bash
      bash -c "cat /proc/net/dev |grep enp0s19 |awk '{print \$10}'"
      2⤵
      PID:746
      • /bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:747
      • /bin/grep
        grep enp0s19
        3⤵
        PID:748
      • /usr/bin/awk
        awk "{print \$10}"
        3⤵
        • Reads runtime system information
        PID:749
    • /bin/bash
      bash -c "cat /proc/net/dev |grep enp0s19 |awk '{print \$2}'"
      2⤵
      PID:830
      • /bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:831
      • /bin/grep
        grep enp0s19
        3⤵
        PID:832
      • /usr/bin/awk
        awk "{print \$2}"
        3⤵
        • Reads runtime system information
        PID:833
    • /bin/bash
      bash -c "cat /proc/net/dev |grep enp0s19 |awk '{print \$10}'"
      2⤵
      PID:834
      • /bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:835
      • /bin/grep
        grep enp0s19
        3⤵
        PID:836
      • /usr/bin/awk
        awk "{print \$10}"
        3⤵
        • Reads runtime system information
        PID:837
    • /bin/bash
      bash -c "cat /proc/net/dev |grep enp0s19 |awk '{print \$2}'"
      2⤵
      PID:838
      • /bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:839
      • /bin/grep
        grep enp0s19
        3⤵
        PID:840
      • /usr/bin/awk
        awk "{print \$2}"
        3⤵
        • Reads runtime system information
        PID:841
    • /bin/bash
      bash -c "cat /proc/net/dev |grep enp0s19 |awk '{print \$10}'"
      2⤵
      PID:842
      • /bin/grep
        grep enp0s19
        3⤵
        PID:844
      • /bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:843
      • /usr/bin/awk
        awk "{print \$10}"
        3⤵
        • Reads runtime system information
        PID:845

Network

MITRE ATT&CK Enterprise v15
