Malware Analysis Report

2025-08-05 11:48

Sample ID 241031-edc8kayhnh
Target c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf
SHA256 c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30
Tags
upx defense_evasion discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30

Threat Level: Likely benign

The file c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf was found to be: Likely benign.

What the report actually shows: the sample runs uptime, then reads the receive ($2) and transmit ($10) byte counters of interface enp0s19 from /proc/net/dev through bash pipelines, three times each, resolves column.mrbasic.com and opens one TCP connection to 38.60.221.32:80. Every defense_evasion and discovery signature below except the hpage_pmd_size and /proc/self/exe reads fired on the utilities the sample spawned (uptime, cat, awk), not on the sample's own process, so the tags describe what those commands read rather than evasion or discovery code inside the binary.

Malicious Activity Summary

upx defense_evasion discovery

UPX packed file

Virtualization/Sandbox Evasion: Time Based Evasion

Reads system network configuration

Reads CPU attributes

Enumerates kernel/hardware configuration

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-31 03:49

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
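The static check behind the "UPX packed file" tag, shown here as an added example for this page rather than the sandbox's own detector: it reads the ELF header fields that place the file on the debian9-mipsel platform (32-bit, little-endian, e_machine 8 = MIPS) and looks for what stock UPX leaves behind, the "UPX!" magic in its l_info/p_info structures and trailing PackHeader and the absence of a section header table. build_fake_packed_elf() fabricates a header plus those markers as a stand-in; it is not the real sample and is not executable.

```python
"""Static triage of a (stand-in) UPX-packed mipsel ELF.

Added example, not sandbox tooling. The byte string built by
build_fake_packed_elf() is constructed for the example, not the real sample.
"""
import struct

EM_MIPS = 8
UPX_MAGIC = b"UPX!"
UPX_BANNER = b"$Info: This file is packed with the UPX executable packer"


def elf_header(data: bytes) -> dict:
    """Parse the ELF header fields needed for triage (ELF32 and ELF64 layouts)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == 1 else ">"          # ELFDATA2LSB -> little-endian
    e_type, e_machine = struct.unpack_from(end + "HH", data, 16)
    if ei_class == 1:                             # ELFCLASS32
        e_shoff, = struct.unpack_from(end + "I", data, 32)
        e_shnum, = struct.unpack_from(end + "H", data, 48)
    else:                                         # ELFCLASS64
        e_shoff, = struct.unpack_from(end + "Q", data, 40)
        e_shnum, = struct.unpack_from(end + "H", data, 60)
    return {"bits": 32 if ei_class == 1 else 64, "little_endian": ei_data == 1,
            "e_type": e_type, "e_machine": e_machine,
            "e_shoff": e_shoff, "e_shnum": e_shnum}


def upx_markers(data: bytes) -> dict:
    """Every offset of the UPX! magic plus whether the packer banner is present."""
    offsets, start = [], 0
    while (i := data.find(UPX_MAGIC, start)) != -1:
        offsets.append(i)
        start = i + 1
    return {"magic_offsets": offsets, "banner": UPX_BANNER in data}


def assess(data: bytes) -> dict:
    """Header facts plus packer markers. A modified UPX build can rename the
    magic and banner, so False means 'not stock UPX', not 'unpacked'; the
    definitive test is trying to unpack the file with upx -d."""
    info = elf_header(data)
    info.update(upx_markers(data))
    # UPX writes its output with program headers only, so no section table.
    info["no_section_table"] = info["e_shoff"] == 0 and info["e_shnum"] == 0
    info["likely_upx"] = bool(info["magic_offsets"]) or info["banner"]
    return info


def build_fake_packed_elf() -> bytes:
    """Constructed stand-in: ELF32 little-endian MIPS header with no section
    table, followed by the markers stock UPX leaves. Not a runnable binary."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + b"\x00" * 9   # class32, LSB, EV_CURRENT
    header = ident + struct.pack("<HHIIIIIHHHHHH",
                                 2, EM_MIPS, 1, 0x00400000,  # ET_EXEC, MIPS, version, entry
                                 52, 0, 0,                   # e_phoff, e_shoff=0, e_flags
                                 52, 32, 2, 0, 0, 0)         # ehsize, phentsize, phnum, shentsize, shnum=0, shstrndx
    body = header + b"\x00" * 60 + UPX_MAGIC + b"\x00" * 200 + UPX_BANNER + b"\x00" * 100
    return body + UPX_MAGIC + b"\x00" * 28                    # PackHeader-like tail
```

On the real file the same three facts (32-bit LSB MIPS, no section table, UPX! present) are what readelf -h and a string search give you before any detonation; if upx -d refuses the file while the markers are present, the packer was modified and the memory dump in the Files section is the place to read the unpacked image.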

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-31 03:49

Reported

2024-10-31 03:51

Platform

debian9-mipsel-20240611-en

Max time kernel

149s

Max time network

96s

Command Line

[/tmp/c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf]

Signatures

Virtualization/Sandbox Evasion: Time Based Evasion

defense_evasion
Description | Indicator | Process | Target
N/A | N/A | /usr/bin/uptime | N/A

Note: the hit is on the uptime utility, which the sample runs via bash -c uptime (see Processes). Reading /proc/uptime is how uptime produces its output, so the tag reflects the sample asking for the host's uptime through a utility (a short uptime is itself a common fresh-sandbox indicator), not a sleep or timing loop in the sample's own code.

Reads CPU attributes

discovery
Description | Indicator | Process | Target
File opened for reading | /sys/devices/system/cpu/online | /usr/bin/uptime | N/A

Note: read by the spawned uptime utility, not by the sample process.

Reads system network configuration

discovery
Description | Indicator | Process | Target
File opened for reading | /proc/net/dev | /bin/cat | N/A
File opened for reading | /proc/net/dev | /bin/cat | N/A
File opened for reading | /proc/net/dev | /bin/cat | N/A
File opened for reading | /proc/net/dev | /bin/cat | N/A
File opened for reading | /proc/net/dev | /bin/cat | N/A
File opened for reading | /proc/net/dev | /bin/cat | N/A

Note: six hits, one per cat /proc/net/dev process in the bash pipelines under Processes. The sample reads the file to pull the receive ($2) and transmit ($10) byte counters for interface enp0s19; the pipeline prints nothing if no such interface exists on the host.

Enumerates kernel/hardware configuration

discovery
Description | Indicator | Process | Target
File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /tmp/c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf | N/A

Note: this is one of only two file reads the report attributes to the sample process itself. The path is also read at startup by some language runtimes (the Go runtime reads it to learn the transparent huge page size), so it is weak evidence of deliberate hardware discovery; the report does not identify the language the sample was built in.

Reads runtime system information

discovery
Description | Indicator | Process | Target
File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/uptime | N/A
File opened for reading | /proc/uptime | /usr/bin/uptime | N/A
File opened for reading | /proc/self/maps | /usr/bin/awk | N/A
File opened for reading | /proc/self/maps | /usr/bin/awk | N/A
File opened for reading | /proc/self/exe | /tmp/c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf | N/A
File opened for reading | /proc/loadavg | /usr/bin/uptime | N/A
File opened for reading | /proc/self/maps | /usr/bin/awk | N/A
File opened for reading | /proc/self/maps | /usr/bin/awk | N/A
File opened for reading | /proc/self/maps | /usr/bin/awk | N/A
File opened for reading | /proc/self/maps | /usr/bin/awk | N/A
File opened for reading | /proc/filesystems | /usr/bin/uptime | N/A

Note: only the /proc/self/exe read belongs to the sample process. /proc/uptime and /proc/loadavg are the data uptime prints, and the six /proc/self/maps reads match the six awk processes in the pipelines.
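The attribution stated in the notes above, worked through in code as an added example for this page (not sandbox tooling): PROCESSES and EVENTS are transcribed from the Processes and Signatures sections of this report (one instance of each repeated pipeline, since the repeats add nothing to the attribution). The rule is that a bash -c process is a shell the sample spawned, each following non-shell process belongs to the most recent shell, and an event is charged to the shell command (or to the sample itself) that produced the process it was logged against.

```python
"""Charge each behavioural signature to the command the sample issued.

Added example for this page, not sandbox tooling. PROCESSES and EVENTS are
transcribed from the report; the repeated pipelines are listed once.
"""
from __future__ import annotations
from collections import defaultdict

SAMPLE = "/tmp/c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf"

# (image, argv) in the order the report lists them
PROCESSES = [
    (SAMPLE, [SAMPLE]),
    ("/bin/bash", ["/bin/bash", "-c", "uptime"]),
    ("/usr/bin/uptime", ["uptime"]),
    ("/bin/bash", ["bash", "-c", "cat /proc/net/dev |grep enp0s19 |awk '{print $2}'"]),
    ("/bin/cat", ["cat", "/proc/net/dev"]),
    ("/bin/grep", ["grep", "enp0s19"]),
    ("/usr/bin/awk", ["awk", "{print $2}"]),
    ("/bin/bash", ["bash", "-c", "cat /proc/net/dev |grep enp0s19 |awk '{print $10}'"]),
    ("/bin/cat", ["cat", "/proc/net/dev"]),
    ("/bin/grep", ["grep", "enp0s19"]),
    ("/usr/bin/awk", ["awk", "{print $10}"]),
]

# (signature, process image the hit was logged against, path or None)
EVENTS = [
    ("Virtualization/Sandbox Evasion: Time Based Evasion", "/usr/bin/uptime", None),
    ("Reads CPU attributes", "/usr/bin/uptime", "/sys/devices/system/cpu/online"),
    ("Reads system network configuration", "/bin/cat", "/proc/net/dev"),
    ("Enumerates kernel/hardware configuration", SAMPLE,
     "/sys/kernel/mm/transparent_hugepage/hpage_pmd_size"),
    ("Reads runtime system information", "/usr/bin/uptime", "/proc/sys/kernel/osrelease"),
    ("Reads runtime system information", "/usr/bin/uptime", "/proc/uptime"),
    ("Reads runtime system information", "/usr/bin/awk", "/proc/self/maps"),
    ("Reads runtime system information", SAMPLE, "/proc/self/exe"),
    ("Reads runtime system information", "/usr/bin/uptime", "/proc/loadavg"),
    ("Reads runtime system information", "/usr/bin/uptime", "/proc/filesystems"),
]


def shell_commands(processes, sample):
    """Map each process image to the sample-issued commands that ran it.
    The sample's own image maps to {sample}; the report has no PIDs, so
    images that appear under several shells collect all of their commands."""
    origin = defaultdict(set)
    current = None
    for image, argv in processes:
        if image == sample:
            origin[image].add(sample)
        elif argv[0].endswith("bash") and len(argv) >= 3 and argv[1] == "-c":
            current = argv[2]                 # a new shell spawned by the sample
            origin[image].add(current)
        elif current is not None:
            origin[image].add(current)        # utility run by the current shell
        else:
            origin[image].add("<unattributed>")
    return origin


def attribute(events, processes, sample):
    """signature -> sorted list of sample commands (or the sample path) behind it."""
    origin = shell_commands(processes, sample)
    by_sig = defaultdict(set)
    for sig, image, _path in events:
        by_sig[sig] |= origin.get(image, {"<unattributed>"})
    return {sig: sorted(cmds) for sig, cmds in by_sig.items()}


def only_via_utilities(attribution, sample):
    """Signatures that no event ties to the sample's own process."""
    return sorted(sig for sig, cmds in attribution.items() if sample not in cmds)
```

Running attribute() on this report's data charges the time-based evasion and CPU-attribute tags to the uptime command, the network-configuration tag to the two /proc/net/dev pipelines, and leaves only the hpage_pmd_size and /proc/self/exe reads on the sample itself.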

Processes

Processes as reported, grouped under the bash -c shell whose pipeline they implement (the receive-counter ($2) and transmit-counter ($10) pipelines each run three times; the last group keeps the order the report gives it):

/tmp/c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf  [/tmp/c3bbaa3de9610294c6bc7bb05729084943ab02356d79bd53224454d918010a30.elf]

  /bin/bash  [/bin/bash -c uptime]
    /usr/bin/uptime  [uptime]

  /bin/bash  [bash -c cat /proc/net/dev |grep enp0s19 |awk '{print $2}']
    /bin/cat  [cat /proc/net/dev]
    /bin/grep  [grep enp0s19]
    /usr/bin/awk  [awk {print $2}]

  /bin/bash  [bash -c cat /proc/net/dev |grep enp0s19 |awk '{print $10}']
    /bin/cat  [cat /proc/net/dev]
    /bin/grep  [grep enp0s19]
    /usr/bin/awk  [awk {print $10}]

  /bin/bash  [bash -c cat /proc/net/dev |grep enp0s19 |awk '{print $2}']
    /bin/cat  [cat /proc/net/dev]
    /bin/grep  [grep enp0s19]
    /usr/bin/awk  [awk {print $2}]

  /bin/bash  [bash -c cat /proc/net/dev |grep enp0s19 |awk '{print $10}']
    /bin/cat  [cat /proc/net/dev]
    /bin/grep  [grep enp0s19]
    /usr/bin/awk  [awk {print $10}]

  /bin/bash  [bash -c cat /proc/net/dev |grep enp0s19 |awk '{print $2}']
    /bin/cat  [cat /proc/net/dev]
    /bin/grep  [grep enp0s19]
    /usr/bin/awk  [awk {print $2}]

  /bin/bash  [bash -c cat /proc/net/dev |grep enp0s19 |awk '{print $10}']
    /bin/grep  [grep enp0s19]
    /bin/cat  [cat /proc/net/dev]
    /usr/bin/awk  [awk {print $10}]
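What the pipelines above extract, and what three successive readings let the sample compute, as an added example for this page (not the sample's code). With awk's default whitespace splitting on the kernel's "%6s: %7llu ..." row format, $1 is "enp0s19:", $2 is the receive byte counter and $10 the transmit byte counter (eight receive counters precede the transmit block). PROC_NET_DEV is a constructed copy of the file layout with made-up counters, not output captured from the sandbox.

```python
"""Emulate `cat /proc/net/dev |grep <iface> |awk '{print $N}'` and parse the
file properly. Added example for this page; PROC_NET_DEV is constructed.
"""
from __future__ import annotations

PROC_NET_DEV = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   12345     100    0    0    0     0          0         0    12345     100    0    0    0     0       0          0
enp0s19: 1048576    2048    0    0    0     0          0         0   524288    1024    0    0    0     0       0          0
"""

RX_BYTES_FIELD = 2    # awk $2
TX_BYTES_FIELD = 10   # awk $10: eight receive counters come first


def pipeline_output(text: str, iface: str, field: int) -> str:
    """grep is a substring match, so a longer name such as enp0s190 would
    also match; an absent interface yields an empty string, which is what
    the sample gets on a host that has no enp0s19."""
    out = []
    for line in text.splitlines():
        if iface in line:
            fields = line.split()
            out.append(fields[field - 1] if len(fields) >= field else "")
    return "\n".join(out)


def parse_proc_net_dev(text: str) -> dict[str, tuple[int, int]]:
    """Return {interface: (rx_bytes, tx_bytes)}. Splits on the colon rather
    than on whitespace, so it also copes with older kernels whose row format
    had no space after the colon; there the sample's awk pipeline would
    print the packet count instead of the byte count."""
    stats = {}
    for line in text.splitlines()[2:]:          # skip the two header lines
        name, sep, rest = line.partition(":")
        counters = rest.split()
        if not sep or len(counters) < 16:
            continue
        stats[name.strip()] = (int(counters[0]), int(counters[8]))
    return stats


def throughput(before, after, iface, interval_s):
    """Bytes per second between two snapshots, the figure the sample can
    derive from its repeated readings; None if the interface is missing
    from either snapshot."""
    if iface not in before or iface not in after:
        return None
    rx = (after[iface][0] - before[iface][0]) / interval_s
    tx = (after[iface][1] - before[iface][1]) / interval_s
    return rx, tx
```

The hard-coded interface name is the detail worth noting: enp0s19 is a predictable-name for a specific NIC slot, so the three readings only yield numbers on a machine that has that exact interface; elsewhere the sample's pipelines return empty strings, which is consistent with a traffic-reporting agent built for one host or image rather than generic discovery.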

Network

Country | Destination | Domain | Proto
US | 1.1.1.1:53 | column.mrbasic.com | udp
US | 1.1.1.1:53 | column.mrbasic.com | udp
US | 1.1.1.1:53 | column.mrbasic.com | udp
US | 1.1.1.1:53 | column.mrbasic.com | udp
US | 1.1.1.1:53 | column.mrbasic.com | udp
US | 1.1.1.1:53 | column.mrbasic.com | udp
US | 1.1.1.1:53 | column.mrbasic.com | udp
US | 1.1.1.1:53 | column.mrbasic.com | udp
RU | 38.60.221.32:80 | column.mrbasic.com | tcp

Eight UDP DNS queries for column.mrbasic.com to 1.1.1.1:53, then one TCP connection to 38.60.221.32:80, which the Domain column ties to that name. This is the only outbound activity in the report and the part a practitioner would weigh against the Likely benign verdict: the report does not show what is exchanged on that connection, and a hard-coded hostname plus periodic interface-counter readings is the shape of a reporting or beaconing agent.

Files

memory/707-1-0x00010000-0x00f91ce0-memory.dmp

The file name carries the process id (707), a dump index and the address range of the dumped region, 0x00010000-0x00f91ce0 (about 15.5 MiB). For a UPX-packed sample, a memory dump taken after the decompression stub has run is where the unpacked code and strings are; upx -d on the file is the quicker route when the packer is stock.