Analysis
max time kernel: 14s
max time network: 23s
platform: debian-12_mipsel
resource: debian12-mipsel-20240221-en
resource tags: arch:mipsel, image:debian12-mipsel-20240221-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
submitted: 04-11-2024 15:47
Behavioral task: behavioral1
Sample: linux_mipsel.elf
Resource: debian12-mipsel-20240221-en
General
Target: linux_mipsel.elf
Size: 5.6MB
MD5: a588866d01919ba373464c54536b57a8
SHA1: 1bff6f7edc7522ad35563b7998cb85bf7df09baf
SHA256: 63e389a3d5251cbeaaab08d5d0cad2b49226eb0764652c64d3f663f7ad8a393f
SHA512: f9743b778aa1fc11b7b95939ab613335b40c5cfbd45f640811af0cc55d22f18bb0a9f90fddbfc91efbfd4b67803d143962cd1a578b59fb0b827d68b405c06cfc
SSDEEP: 98304:yC91hAFxvW6WGVqq7g3JDCg76dAuE8iW5ay5mIOX+aaNcc8pNkxXkz8xBs3K4HUj:yC91hAFxvW6WGVqq7g3JDCg76dAuE8iQ
Malware Config
Signatures
Executes dropped EXE 1 IoCs
Processes:
  ioc           pid   process
  /etc/32678    770   32678
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
  description                    ioc                   process
  File opened for modification   /dev/watchdog         linux_mipsel.elf
  File opened for modification   /dev/misc/watchdog    linux_mipsel.elf
The pair of paths is the Mirai pattern: open /dev/watchdog for writing, fall back to /dev/misc/watchdog, then issue a WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD so the hardware watchdog no longer reboots the device when the bot hangs or is killed. The report records only the opens, not the ioctl, so confirm the actual disable from a syscall trace before treating it as established.
Enumerates running processes
Discovers information about currently running processes on the system

Modifies init.d
Processes:
  description                    ioc                       process
  File opened for modification   /etc/init.d/linux_kill    linux_mipsel.elf
The process tree below lists this signature against PID 767, which follows the write with update-rc.d linux_kill defaults, so the script is registered in the rc?.d runlevels and started at boot.
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Processes:
  description               ioc                                                   process
  File opened for reading   /sys/kernel/mm/transparent_hugepage/hpage_pmd_size    linux_mipsel.elf
  File opened for reading   /sys/kernel/mm/transparent_hugepage/hpage_pmd_size    linux_mipsel.elf
Both reads are of the same file, one per sample process (PIDs 741 and 767 in the tree below). On its own this is a weak indicator: the Go runtime, for example, reads hpage_pmd_size at startup to learn the huge-page size, so the hit says more about how the binary was built than about what it does.
Reads runtime system information
Processes:
  description               ioc                   process
  File opened for reading   /proc/<pid>/stat      linux_mipsel.elf, for pids 397, 784, 202, 781, 354, 394, 697, 711, 717, 762, 766, 770, 346, 380, 416, 679, 720, 783, 417, 449, 787, 381, 667, 714, 730, 760, 773, 680, 698, 712, 748, 731, 759, 767, 768
  File opened for reading   /proc/filesystems     systemctl
  File opened for reading   /proc/filesystems     sed
The /proc/<pid>/stat sweep is how a process listing is built without ps, and it covers the sample's own children (766, 770, 773, 783, 784). The two /proc/filesystems reads come from systemctl and sed themselves (libraries such as libselinux read it on start-up), not from sample code.
System Network Configuration Discovery 1 TTPs 2 IoCs
Adversaries may gather information about the network configuration of a system.
Processes:
  pid   process
  741   linux_mipsel.elf
  767   linux_mipsel.elf
Processes
/tmp/linux_mipsel.elf   (PID 741)   /tmp/linux_mipsel.elf
    signatures: Enumerates kernel/hardware configuration; System Network Configuration Discovery
  /usr/bin/sh   (PID 764)   sh -c "/etc/32678&"
    /etc/32678   (PID 770)   /etc/32678
        signatures: Executes dropped EXE
      /usr/bin/sleep   (PID 773)   sleep 60
  /usr/sbin/service   (PID 766)   service crond start
    /usr/bin/basename   (PID 771)   basename /usr/sbin/service
    /usr/bin/basename   (PID 779)   basename /usr/sbin/service
    /usr/bin/sed   (PID 784)   sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
        signatures: Reads runtime system information
    /usr/bin/systemctl   (PID 783)   systemctl list-unit-files --full "--type=socket"
        signatures: Reads runtime system information
  /tmp/linux_mipsel.elf   (PID 767)   /tmp/linux_mipsel.elf " "
      signatures: Modifies Watchdog functionality; Modifies init.d; Enumerates kernel/hardware configuration; Reads runtime system information; System Network Configuration Discovery
    /usr/sbin/update-rc.d   (PID 793)   update-rc.d linux_kill defaults

Reading the tree: the first process (741) backgrounds the dropped file /etc/32678, which in turn runs sleep 60, calls service crond start, and re-executes the sample as a second process (767) with a single-space argument. 767 is where the behaviour of interest lives: it opens the watchdog devices, writes /etc/init.d/linux_kill and registers it with update-rc.d. The basename, systemctl and sed children under service are Debian's /usr/sbin/service wrapper doing its own work (it looks for a matching .socket unit by piping systemctl list-unit-files --type=socket through that sed expression); only the service invocation itself is the sample's doing, and the "Reads runtime system information" hits on sed and systemctl are those tools' /proc/filesystems reads, not sample activity.
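The artifacts above (the init.d script and its update-rc.d links, the dropped /etc/32678, and the watchdog device opens) are the things a responder would check for on a suspect host. The script below is an added example written for this page; it is not part of the sandbox output or of the sample, and the function names triage_root, count_findings and make_fixture are my own. It scans a root prefix (live "/" or a mounted image) for those artifacts and, on a live root, for any process still holding /dev/watchdog open. The fixture it builds for its stand-alone run is constructed, with placeholder file contents, because the report does not show what the real files contain.

```shell
#!/bin/sh
# Added host-triage helper for the artifacts in this report. It is not part of the
# sandbox output and not the sample's code; function names are my own.
#
# triage_root ROOT scans a filesystem root (live "/" or a mounted image) for:
#   1. /etc/init.d/linux_kill plus the rc?.d links that
#      "update-rc.d linux_kill defaults" creates,
#   2. the dropped executable /etc/32678,
#   3. (live root only) processes holding /dev/watchdog or /dev/misc/watchdog
#      open, found through /proc/<pid>/fd.
# It prints one FOUND line per hit and a final "findings: N" line.

triage_root() {
    root="${1:-/}"
    root="${root%/}"        # "/" becomes "", so "$root/etc" is always well-formed
    findings=0

    # 1. SysV init script and the symlinks update-rc.d writes for it
    if [ -e "$root/etc/init.d/linux_kill" ]; then
        echo "FOUND init script: $root/etc/init.d/linux_kill"
        findings=$((findings + 1))
    fi
    for link in "$root"/etc/rc[0-6S].d/[SK]??linux_kill; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # unmatched glob stays literal
        echo "FOUND rc link: $link -> $(readlink "$link")"
        findings=$((findings + 1))
    done

    # 2. Dropped executable that the tree shows launched as: sh -c "/etc/32678&"
    if [ -f "$root/etc/32678" ]; then
        echo "FOUND dropped file: $root/etc/32678 ($(wc -c < "$root/etc/32678") bytes)"
        findings=$((findings + 1))
    fi

    # 3. Watchdog tampering leaves the device open in a running process; this
    #    only makes sense on the live host, so it is skipped for mounted images.
    if [ -z "$root" ]; then
        for fd in /proc/[0-9]*/fd/*; do
            target=$(readlink "$fd" 2>/dev/null) || continue
            case "$target" in
            /dev/watchdog*|/dev/misc/watchdog*)
                pid=${fd#/proc/}; pid=${pid%%/*}
                cmd=$(tr '\000' ' ' < "/proc/$pid/cmdline" 2>/dev/null) || cmd="?"
                echo "FOUND watchdog holder: pid $pid ($cmd) -> $target"
                findings=$((findings + 1))
                ;;
            esac
        done
    fi

    echo "findings: $findings"
    return 0
}

# Returns just the count, for scripting and for checking the scan result.
count_findings() {
    triage_root "$1" | sed -n 's/^findings: //p'
}

# Constructed fixture (not taken from the sandbox run): a throwaway root laid out
# the way the process tree implies, so the scan can be exercised offline. File
# contents are placeholders; the report does not show what the real files hold.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/init.d" "$d/etc/rc0.d" "$d/etc/rc2.d"
    printf '#!/bin/sh\n# placeholder\n' > "$d/etc/init.d/linux_kill"
    printf '#!/bin/sh\n# placeholder\n' > "$d/etc/32678"
    ln -s ../init.d/linux_kill "$d/etc/rc2.d/S01linux_kill"
    ln -s ../init.d/linux_kill "$d/etc/rc0.d/K01linux_kill"
    echo "$d"
}

# Stand-alone run: scan the fixture (expect 4 findings), then clean up.
fixture=$(make_fixture)
triage_root "$fixture"
rm -rf "$fixture"
```

On a live Debian host run it as root with `triage_root /` so the /proc/<pid>/fd walk can see every process; for a disk image, mount it read-only and pass the mount point. To catch the behaviour as it happens rather than after the fact, auditd watches on the two paths the report names cover both the watchdog open and the persistence write: `auditctl -w /dev/watchdog -p w -k watchdog_tamper` and `auditctl -w /etc/init.d -p wa -k initd_persist`.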
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 61B
MD5: 768eaf287796da19e1cf5e0b2fb1b161
SHA1: 6a1ce2ee5ccc86d1f33806feb14547b35290df2a
SHA256: 1d22620dfb2a6715e5d745aed5cf841ede0e75e1747f12b9b925a2d346bc7ecb
SHA512: e6af30c9df4f7f47696069511e64ecbc8e841629d692ee4056503df3533fb7a7a74960698826260355e1dba7b6c562482a27a39bb51a4237473ce4b68472d620

Filesize: 189B
MD5: 3909975f7cc0d1121c1819b800069f31
SHA1: 3e68de708c2e6c40fab6794afdee3104e5590189
SHA256: 6876dac71f13a068afb863d257134275f2edba43b2acaf4924fabf97c079070b
SHA512: 50600cceeb03b05f45ae61d890caee9f51ff390b6776930866e527e071d65d08241fc66673fd9b99d62fbc77d3c00fc3de4d7378cbc42f5daba5d83072b0906e