Analysis

  • max time kernel
    5s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240729-en
  • resource tags

    arch:mipsel
    image:debian12-mipsel-20240729-en
    kernel:6.1.0-17-4kc-malta
    locale:en-us
    os:debian-12-mipsel
    system
  • submitted
    03-11-2024 02:53

General

  • Target

    628a4a3d5b1f134676431472700ee2240630e63e0732d3542f5c99163628f9b6.elf

  • Size

    2.2MB

  • MD5

    2e553ae934700ad207d20da88ada397d

  • SHA1

    83701c9fee81fbe26834a27993c1e683c1b100b5

  • SHA256

    628a4a3d5b1f134676431472700ee2240630e63e0732d3542f5c99163628f9b6

  • SHA512

    9d44c2aad90ee0a7bf203c01c190593f0c0f8316a277fc020b441e99234902106870e9df50a2001f0fb20cc349ecf1a27a2617c68424648d2ec1f121ee37523d

  • SSDEEP

    24576:kO+PuaNFZRml7/I1n0TOakVXFYd+lCQYWz1v:9eNkxd+lCWz1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Command and Scripting Interpreter: Unix Shell 1 TTPs 1 IoCs

    Execute scripts via Unix Shell.

  • Enumerates kernel/hardware configuration 1 TTPs 2 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/628a4a3d5b1f134676431472700ee2240630e63e0732d3542f5c99163628f9b6.elf
    /tmp/628a4a3d5b1f134676431472700ee2240630e63e0732d3542f5c99163628f9b6.elf
    1⤵
    • Enumerates kernel/hardware configuration
    PID:741
    • /tmp/628a4a3d5b1f134676431472700ee2240630e63e0732d3542f5c99163628f9b6.elf
      /tmp/628a4a3d5b1f134676431472700ee2240630e63e0732d3542f5c99163628f9b6.elf " "
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:745
      • /bin/sh
        /bin/sh -c "/etc/32676&"
        3⤵
        • Command and Scripting Interpreter: Unix Shell
        PID:750
      • /usr/sbin/service
        service crond start
        3⤵
        PID:757
        • /usr/bin/basename
          basename /usr/sbin/service
          4⤵
          PID:760
        • /usr/bin/basename
          basename /usr/sbin/service
          4⤵
          PID:762
        • /usr/bin/systemctl
          systemctl list-unit-files --full "--type=socket"
          4⤵
          • Reads runtime system information
          PID:766
        • /usr/bin/sed
          sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
          4⤵
          • Reads runtime system information
          PID:767
  • /etc/32676
    /etc/32676
    1⤵
    • Executes dropped EXE
    PID:754
    • /usr/bin/sleep
      sleep 60
      2⤵
      PID:759
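
The process tree above shows the pattern worth alerting on: the sample re-executes itself from /tmp, has /bin/sh background a freshly written file in /etc (/etc/32676), and then starts crond through /usr/sbin/service. The following script is an added example for this report, not part of the sandbox's output. It turns that tree into a list of constructed process events (PIDs and command lines as listed above; parent links follow the tree depth, and the parent of the two top-level processes is recorded as 0 because the report does not show the sandbox launcher) and runs three generic rules over them. The rule names, the allow-list of /etc subtrees and the set of cron start commands are assumptions chosen for the example.

```python
"""Behavioural checks over a Linux process tree.

Added example for this report; it is not part of the sandbox's own output.
The events below are constructed from the process tree above: PIDs and
command lines are as listed there, parent links follow the tree depth, and
the parent of the two top-level processes is recorded as 0 because the
report does not show the sandbox launcher or init.
"""
import os
import shlex
from dataclasses import dataclass

SAMPLE = "/tmp/628a4a3d5b1f134676431472700ee2240630e63e0732d3542f5c99163628f9b6.elf"


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    exe: str
    cmdline: str


EVENTS = [
    ProcEvent(741, 0, SAMPLE, SAMPLE),
    ProcEvent(745, 741, SAMPLE, f'{SAMPLE} " "'),
    ProcEvent(750, 745, "/bin/sh", '/bin/sh -c "/etc/32676&"'),
    ProcEvent(757, 745, "/usr/sbin/service", "service crond start"),
    ProcEvent(760, 757, "/usr/bin/basename", "basename /usr/sbin/service"),
    ProcEvent(762, 757, "/usr/bin/basename", "basename /usr/sbin/service"),
    ProcEvent(766, 757, "/usr/bin/systemctl",
              'systemctl list-unit-files --full "--type=socket"'),
    ProcEvent(767, 757, "/usr/bin/sed",
              r'sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"'),
    ProcEvent(754, 0, "/etc/32676", "/etc/32676"),  # backgrounded, reparented
    ProcEvent(759, 754, "/usr/bin/sleep", "sleep 60"),
]

STAGING_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
SUSPECT_EXEC_DIRS = STAGING_DIRS + ("/etc/",)
# A few /etc subtrees legitimately hold executables; exclude them (assumed list).
ETC_ALLOW = ("/etc/init.d/", "/etc/rc", "/etc/cron.", "/etc/profile.d/",
             "/etc/network/")
SHELLS = {"sh", "bash", "dash", "ash"}
CRON_START = {("service", "crond", "start"), ("service", "cron", "start"),
              ("systemctl", "start", "crond"), ("systemctl", "start", "cron")}


def _argv(ev):
    try:
        return shlex.split(ev.cmdline)
    except ValueError:  # unbalanced quotes: fall back to a whitespace split
        return ev.cmdline.split()


def _ancestors(ev, by_pid):
    cur = by_pid.get(ev.ppid)
    while cur is not None:
        yield cur
        cur = by_pid.get(cur.ppid)


def _suspect_exec(path):
    return path.startswith(SUSPECT_EXEC_DIRS) and not path.startswith(ETC_ALLOW)


def _sh_c_target(argv):
    """For 'sh -c SCRIPT', return the first word of SCRIPT with any trailing
    '&' stripped; None when argv is not a shell -c invocation."""
    if not argv or os.path.basename(argv[0]) not in SHELLS or "-c" not in argv:
        return None
    i = argv.index("-c") + 1
    if i >= len(argv):
        return None
    words = argv[i].rstrip("& \t").split()
    return words[0] if words else None


def triage(events):
    """Return (rule, pid, detail) tuples for every event that matches a rule."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        argv = _argv(ev)
        # 1. Executed straight out of a staging or config directory.
        if _suspect_exec(ev.exe):
            findings.append(("exec_from_suspect_dir", ev.pid, ev.exe))
        # 2. A shell backgrounding a file in such a directory (PID 750 above).
        target = _sh_c_target(argv)
        if target and _suspect_exec(target):
            findings.append(("shell_backgrounds_dropped_file", ev.pid, target))
        # 3. Cron service started by a process descended from a staging dir.
        if tuple(argv[:3]) in CRON_START and any(
                a.exe.startswith(STAGING_DIRS) for a in _ancestors(ev, by_pid)):
            findings.append(("cron_started_from_staging_lineage", ev.pid, ev.cmdline))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in triage(EVENTS):
        print(f"{rule:34} pid={pid:<5} {detail}")
```

Run against the constructed tree, rules 1 to 3 flag PIDs 741, 745 and 754 (execution from /tmp and /etc), 750 (the `sh -c "/etc/32676&"` launch) and 757 (crond started under a /tmp lineage); the basename, systemctl, sed and sleep children stay quiet. The same three rules apply unchanged to auditd or eBPF exec events once they are mapped onto the ProcEvent fields.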

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /etc/.walk

    Filesize

    41B

    MD5

    7db9364ee0f77bf3c0f0745ffce6f223

    SHA1

    fb8480bfda304979fc908631852a09008766a354

    SHA256

    2ed7facc81e029a5a8fab2820e18c5400ee180c379309ff3e1713cc6e9473b96

    SHA512

    802decd31b2eb1bb41b902335cc9b4a24db5c2c393459cdf636e4b48f034b80514aba03ea54c84e54cb68078d9a6e68a363af028233c25e7035ff675474c4eff

  • /etc/.walk

    Filesize

    90B

    MD5

    99d3c8d23102dd11e4e700af556124f2

    SHA1

    b9ce0fb93245e5d356dec908f5cc57738fa96a48

    SHA256

    eff0865ccd00edcbd7488867c3a29d2bd667e8a0efaefe8c2ab86c2ec8b36be8

    SHA512

    d8d93a19647f3eb401a8ea128db466c5cd18c93bb7dabc4d4d0c8b3845c8baf027158b7121e2f97debd395ea47c138ee18c2032524d2df8fd13086aa504467e1

  • /etc/32676

    Filesize

    61B

    MD5

    47684525bfdf26f49fd1cf742b17c015

    SHA1

    c4ab14ba22420ff9acadfc698a38d0cd99e9fbfa

    SHA256

    b7ce294613dd2c237a4a50548bfcd5c14d166107f2d2e965499bc78695300d5b

    SHA512

    948f9c519ae9afe1c821c5d58da2e584e50356dabef597ccd408853a9038560b9fb1c5894900e2725b48977ffd49d18a439436bb4946e2164ac9fcf2a8637621
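
The dropped-file list above is the part of this report a responder will act on first. The script below is an added example, not part of the sandbox's output: it copies the path-to-SHA256 table from the Downloads section (both captures of /etc/.walk are included, since the file was recorded at 41 and 90 bytes), sweeps a root filesystem for those paths, and additionally lists all-digit file names directly under /etc and any copy of the sample itself in the usual staging directories. The `root` parameter lets it run against a mounted image or a test directory. Treating the name /etc/32676 as variable is an assumption made for the example; the report itself only records that one name.

```python
"""Host sweep for the dropped-file indicators listed in this report.

Added example, not part of the sandbox's output. IOC_HASHES is copied from
the Downloads section; SAMPLE_SHA256 from the General section. The root
argument exists so the sweep can be pointed at a mounted image or a test
directory instead of the live root filesystem. Looking for any all-digit
file name under /etc is an assumption (the report records only 32676).
"""
import hashlib
import os
import re

# path -> SHA256 values the report attributes to that path
IOC_HASHES = {
    "/etc/.walk": {
        "2ed7facc81e029a5a8fab2820e18c5400ee180c379309ff3e1713cc6e9473b96",
        "eff0865ccd00edcbd7488867c3a29d2bd667e8a0efaefe8c2ab86c2ec8b36be8",
    },
    "/etc/32676": {
        "b7ce294613dd2c237a4a50548bfcd5c14d166107f2d2e965499bc78695300d5b",
    },
}
SAMPLE_SHA256 = "628a4a3d5b1f134676431472700ee2240630e63e0732d3542f5c99163628f9b6"
STAGING_DIRS = ("/tmp", "/var/tmp", "/dev/shm")


def sha256_of(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _under(root, abs_path):
    """Map an absolute indicator path onto the filesystem rooted at root."""
    return os.path.join(root, abs_path.lstrip("/"))


def sweep(iocs=IOC_HASHES, root="/"):
    """Return {path: 'match' | 'present_other_hash' | 'absent'} per indicator."""
    result = {}
    for path, hashes in iocs.items():
        real = _under(root, path)
        if not os.path.isfile(real):
            result[path] = "absent"
            continue
        result[path] = "match" if sha256_of(real) in hashes else "present_other_hash"
    return result


def numeric_names_in_etc(root="/"):
    """Regular files directly under /etc whose name is all digits (assumed
    naming pattern for the dropped executable; a hit needs manual review)."""
    etc = _under(root, "/etc")
    if not os.path.isdir(etc):
        return []
    return sorted(
        f"/etc/{name}" for name in os.listdir(etc)
        if re.fullmatch(r"\d+", name) and os.path.isfile(os.path.join(etc, name))
    )


def find_sample(root="/", dirs=STAGING_DIRS, max_size=4 << 20):
    """Hash files in the staging directories and return those whose SHA256
    equals the sample's; the size bound skips large unrelated files."""
    hits = []
    for d in dirs:
        base = _under(root, d)
        if not os.path.isdir(base):
            continue
        for dirpath, _, files in os.walk(base):
            for name in files:
                p = os.path.join(dirpath, name)
                try:
                    if (os.path.isfile(p) and os.path.getsize(p) <= max_size
                            and sha256_of(p) == SAMPLE_SHA256):
                        hits.append(p)
                except OSError:  # unreadable or vanished file: skip it
                    continue
    return sorted(hits)


if __name__ == "__main__":
    for path, status in sweep().items():
        print(f"{status:18} {path}")
    for p in numeric_names_in_etc():
        print(f"numeric-name       {p}")
    for p in find_sample():
        print(f"sample-hash        {p}")
```

A 'present_other_hash' result for /etc/.walk is expected rather than alarming on its own: the report shows that file changing size during the run, so on a live host its hash will rarely equal either captured value, and the presence of the path is the stronger signal.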