Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags
    arch:mips
    image:debian9-mipsbe-20240611-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    04-11-2024 02:50

General

  • Target

    bdebb67266d5f96b7d85cfb9644deee81161b54b60b0fded6cf36544a15fa9b2.elf

  • Size

    151KB

  • MD5

    3c90d5820bddcf7c5d1bd21dfa49d958

  • SHA1

    5ba05bd489e50af97d6dc45e3a0be60e494d5083

  • SHA256

    bdebb67266d5f96b7d85cfb9644deee81161b54b60b0fded6cf36544a15fa9b2

  • SHA512

    54a0e2ec10040634100fb5c4bddc35f558471f4ff833f9ad20f16ffd14c286cf251841bdaad7c557c3c78efc2094db91038c195c0ddabdecf9beac97ff2ce01a

  • SSDEEP

    1536:mVqSjUF+uLHLVdiLzLsLzLsL7LeLGLXL0LLLkLhqqvZjptByZEGkbU+/pWacxZkI:tr9dy1B2gSpLg70mLjXswi5itRx2p

Malware Config

Signatures

  • Contacts a large (2169) number of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Creates a large number of network flows (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Renames itself (1 IoC)
  • Creates/modifies Cron job (1 TTP, 1 IoC)

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Reads runtime system information (64 IoCs)

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/bdebb67266d5f96b7d85cfb9644deee81161b54b60b0fded6cf36544a15fa9b2.elf
    /tmp/bdebb67266d5f96b7d85cfb9644deee81161b54b60b0fded6cf36544a15fa9b2.elf
    • Renames itself
    • Reads runtime system information
    PID:692
    • /bin/sh
      sh -c "crontab -l"
      PID:694
      • /usr/bin/crontab
        crontab -l
        PID:696
    • /bin/sh
      sh -c "crontab -"
      PID:704
      • /usr/bin/crontab
        crontab -
        • Creates/modifies Cron job
        • Reads runtime system information
        PID:706

Network

MITRE ATT&CK Enterprise v15


Downloads

  • /var/spool/cron/crontabs/tmp.I8jqNO

    Filesize
    210B

    MD5
    9acb0d3f4eea71787e2dc7455a0c25c7

    SHA1
    b68b658cf7b1f8efbe85ee3b5ece807c13c812ec

    SHA256
    b4ebc1435e9101b8c0605a286f35a94c540762002f0ed51296747c63851c51b2

    SHA512
    4a09bf599a5c3de55e67e5887ef27074e9b8ceb9db48ff551454a01f91edf246992e99f2cc10a77f17258b50898f5c58a2c0d48d31322288df9d95080f3e4d07