Malware Analysis Report

2024-11-13 16:11

Sample ID 241101-daqttaxncr
Target 2ea79246ca36e0bfd5c1968d4344d2b74e3c230be19867732968d63577084f06.elf
SHA256 2ea79246ca36e0bfd5c1968d4344d2b74e3c230be19867732968d63577084f06
Tags
kaiji discovery execution persistence privilege_escalatio
score
10/10

Analysis Overview

Threat Level: Known bad

The file 2ea79246ca36e0bfd5c1968d4344d2b74e3c230be19867732968d63577084f06.elf was found to be: Known bad.

Malicious Activity Summary

kaiji discovery execution persistence privilege_escalatio

Kaiji

kaiji_chaosbot

Kaiji family

Executes dropped EXE

Creates/modifies Cron job

Enumerates running processes

Reads CPU attributes

Changes its process name

Reads runtime system information

Enumerates kernel/hardware configuration

GoLang User-Agent

Analysis: static1

Detonation Overview

Reported

2024-11-01 02:48

Signatures

Kaiji

Description Indicator Process Target
N/A N/A N/A N/A

Kaiji family

kaiji

kaiji_chaosbot

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-01 02:48

Reported

2024-11-01 02:51

Platform

debian9-mipsel-20240611-en

Max time kernel

149s

Max time network

153s

Command Line

[/tmp/2ea79246ca36e0bfd5c1968d4344d2b74e3c230be19867732968d63577084f06.elf]

Signatures

Kaiji

Description Indicator Process Target
N/A N/A N/A N/A

Kaiji family

kaiji

kaiji_chaosbot

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A /etc/32678 /etc/32678 N/A
N/A /etc/id.services.conf /etc/id.services.conf N/A

Creates/modifies Cron job

execution persistence privilege_escalatio
Description Indicator Process Target
File opened for modification /etc/crontab /bin/bash N/A

Enumerates running processes

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself ksoftirqd/0 /tmp/2ea79246ca36e0bfd5c1968d4344d2b74e3c230be19867732968d63577084f06.elf N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /etc/id.services.conf N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /tmp/2ea79246ca36e0bfd5c1968d4344d2b74e3c230be19867732968d63577084f06.elf N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/filesystems /bin/systemctl N/A
File opened for reading /proc/2/status /usr/bin/pkill N/A
File opened for reading /proc/36/cmdline /usr/bin/pkill N/A
File opened for reading /proc/73/cmdline /usr/bin/pkill N/A
File opened for reading /proc/74/cmdline /usr/bin/pkill N/A
File opened for reading /proc/76/cmdline /usr/bin/pkill N/A
File opened for reading /proc/5/cmdline /usr/bin/pkill N/A
File opened for reading /proc/9/cmdline /usr/bin/pkill N/A
File opened for reading /proc/9/status /usr/bin/pkill N/A
File opened for reading /proc/17/cmdline /usr/bin/pkill N/A
File opened for reading /proc/379/status /usr/bin/pkill N/A
File opened for reading /proc/710/cmdline /usr/bin/pkill N/A
File opened for reading /proc/cmdline /bin/systemctl N/A
File opened for reading /proc/2/cmdline /usr/bin/pkill N/A
File opened for reading /proc/236/cmdline /usr/bin/pkill N/A
File opened for reading /proc/706/cmdline /usr/bin/pkill N/A
File opened for reading /proc/704/cmdline /usr/bin/pkill N/A
File opened for reading /proc/19/status /usr/bin/pkill N/A
File opened for reading /proc/77/cmdline /usr/bin/pkill N/A
File opened for reading /proc/11/cmdline /usr/bin/pkill N/A
File opened for reading /proc/23/cmdline /usr/bin/pkill N/A
File opened for reading /proc/670/cmdline /usr/bin/pkill N/A
File opened for reading /proc/1/environ /bin/systemctl N/A
File opened for reading /proc/70/cmdline /usr/bin/pkill N/A
File opened for reading /proc/147/status /usr/bin/pkill N/A
File opened for reading /proc/782/cmdline /usr/bin/pkill N/A
File opened for reading /proc/18/status /usr/bin/pkill N/A
File opened for reading /proc/72/cmdline /usr/bin/pkill N/A
File opened for reading /proc/37/status /usr/bin/pkill N/A
File opened for reading /proc/114/cmdline /usr/bin/pkill N/A
File opened for reading /proc/773/status /usr/bin/pkill N/A
File opened for reading /proc/78/cmdline /usr/bin/pkill N/A
File opened for reading /proc/822/status /usr/bin/pkill N/A
File opened for reading /proc/21/cmdline /usr/bin/pkill N/A
File opened for reading /proc/778/status /usr/bin/pkill N/A
File opened for reading /proc/filesystems /bin/mount N/A
File opened for reading /proc/113/cmdline /usr/bin/pkill N/A
File opened for reading /proc/716/status /usr/bin/pkill N/A
File opened for reading /proc/725/status /usr/bin/pkill N/A
File opened for reading /proc/24/status /usr/bin/pkill N/A
File opened for reading /proc/76/status /usr/bin/pkill N/A
File opened for reading /proc/143/cmdline /usr/bin/pkill N/A
File opened for reading /proc/670/status /usr/bin/pkill N/A
File opened for reading /proc/36/status /usr/bin/pkill N/A
File opened for reading /proc/self/stat /bin/systemctl N/A
File opened for reading /proc/19/cmdline /usr/bin/pkill N/A
File opened for reading /proc/20/status /usr/bin/pkill N/A
File opened for reading /proc/81/cmdline /usr/bin/pkill N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/6/cmdline /usr/bin/pkill N/A

GoLang User-Agent

Description Indicator Process Target
HTTP User-Agent header Go-http-client/1.1 N/A N/A

Processes

/tmp/2ea79246ca36e0bfd5c1968d4344d2b74e3c230be19867732968d63577084f06.elf

[/tmp/2ea79246ca36e0bfd5c1968d4344d2b74e3c230be19867732968d63577084f06.elf]

/bin/sh

[sh -c /etc/32678&]

/usr/sbin/service

[service crond start]

/tmp/2ea79246ca36e0bfd5c1968d4344d2b74e3c230be19867732968d63577084f06.elf

[/tmp/2ea79246ca36e0bfd5c1968d4344d2b74e3c230be19867732968d63577084f06.elf ]

/etc/32678

[/etc/32678]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/sleep

[sleep 60]

/usr/sbin/update-rc.d

[update-rc.d linux_kill defaults]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/usr/local/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/usr/local/bin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/usr/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/usr/bin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/bin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/usr/local/sbin/systemctl

[systemctl daemon-reload]

/usr/local/bin/systemctl

[systemctl daemon-reload]

/usr/sbin/systemctl

[systemctl daemon-reload]

/usr/bin/systemctl

[systemctl daemon-reload]

/sbin/systemctl

[systemctl daemon-reload]

/bin/systemctl

[systemctl daemon-reload]

/bin/bash

[bash -c echo "*/1 * * * * root /.img " >> /etc/crontab]

/usr/bin/renice

[renice -20 725]

/bin/mount

[mount -o bind /tmp/ /proc/725]

/usr/sbin/service

[service cron start]

/usr/bin/basename

[basename /usr/sbin/service]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/usr/local/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start cron.service]

/usr/local/bin/systemctl

[systemctl --job-mode=ignore-dependencies start cron.service]

/usr/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start cron.service]

/usr/bin/systemctl

[systemctl --job-mode=ignore-dependencies start cron.service]

/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start cron.service]

/bin/systemctl

[systemctl --job-mode=ignore-dependencies start cron.service]

/bin/systemctl

[systemctl start crond.service]

/etc/id.services.conf

[/etc/id.services.conf]

/usr/bin/pkill

[pkill -9 32678]

/bin/sh

[sh -c /etc/32678&]

/usr/sbin/service

[service crond start]

/etc/32678

[/etc/32678]

/etc/id.services.conf

[/etc/id.services.conf ]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/sleep

[sleep 60]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/bin/systemctl

[systemctl -p Triggers show dbus.socket]

/bin/systemctl

[systemctl -p Triggers show ssh.socket]

/bin/systemctl

[systemctl -p Triggers show syslog.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-fsckd.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-initctl.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-journald-audit.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-journald-dev-log.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-journald.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-networkd.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-rfkill.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-udevd-control.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-udevd-kernel.socket]

/usr/local/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/usr/local/bin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/usr/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/usr/bin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/bin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/etc/id.services.conf

[/etc/id.services.conf]

/usr/bin/pkill

[pkill -9 32678]

/bin/sh

[sh -c /etc/32678&]

/usr/sbin/service

[service crond start]

/etc/32678

[/etc/32678]

/usr/bin/basename

[basename /usr/sbin/service]

/etc/id.services.conf

[/etc/id.services.conf ]

/bin/sleep

[sleep 60]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/usr/local/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/usr/local/bin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/usr/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/usr/bin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/bin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

Network

Country Destination Domain Proto
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 78789.dns.army udp
HK 149.88.76.121:808 78789.dns.army tcp
HK 149.88.76.121:8088 78789.dns.army tcp

Files

/etc/id.services.conf

MD5 ad1e0eac7b5a21d48787c13116526ff6
SHA1 cdd1a9a416f8c6ffa4dc70638990376695fafbf0
SHA256 2ea79246ca36e0bfd5c1968d4344d2b74e3c230be19867732968d63577084f06
SHA512 e32c24f20f66e2945eff0fbe0dc17bf9850a22455b4d4f272008cc40587ec57995c53e6ce7c046271c4c33faf5e424d53676590ad5e21d22061c39ba48dd6c4c

/etc/32678

MD5 768eaf287796da19e1cf5e0b2fb1b161
SHA1 6a1ce2ee5ccc86d1f33806feb14547b35290df2a
SHA256 1d22620dfb2a6715e5d745aed5cf841ede0e75e1747f12b9b925a2d346bc7ecb
SHA512 e6af30c9df4f7f47696069511e64ecbc8e841629d692ee4056503df3533fb7a7a74960698826260355e1dba7b6c562482a27a39bb51a4237473ce4b68472d620

/etc/init.d/linux_kill

MD5 3909975f7cc0d1121c1819b800069f31
SHA1 3e68de708c2e6c40fab6794afdee3104e5590189
SHA256 6876dac71f13a068afb863d257134275f2edba43b2acaf4924fabf97c079070b
SHA512 50600cceeb03b05f45ae61d890caee9f51ff390b6776930866e527e071d65d08241fc66673fd9b99d62fbc77d3c00fc3de4d7378cbc42f5daba5d83072b0906e

/etc/profile.d/bash_config.sh

MD5 cfb4e51061485fe91169381fbdc1538e
SHA1 9a85b9b766a15b01737a41d680e4593b7a9bde87
SHA256 897f37267d0ceaa2fbdaa09847f5d08e6f8b01a0348a0d666264b0f10acd0c90
SHA512 fb154ec711d2090a7461da4db8ddad2b522649a27e74162ecb203f539b1729430288bc02d78d2071bde9c4bbc005693403a57612ef50277d52f816cb94524216

/.img

MD5 d73d3376908ea075a939e3871ad0fabe
SHA1 320ff65831247ba199515f1b94df26cc8a3e5f76
SHA256 edbdabe30d8236a2c0a4eb89dfd597552130e4c1a4e93f8fe1568920442ad73a
SHA512 57b83fef88620598beb5d65626bf757d0abef242d2d6a01796a61474dedc5095a4a9d0f292b6abb450cad3d4410ab8456253600f58ddb66cfe6d79e1c8415536