Malware Analysis Report

2025-08-05 10:35

Sample ID 241107-ssftwstqbx
Target mips.elf
SHA256 49e0876cac5de1e9edd89be8a46112628d15422f6d69421a1203bd0afc865c5d
Tags upx, discovery
Score 6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 6/10

SHA256 49e0876cac5de1e9edd89be8a46112628d15422f6d69421a1203bd0afc865c5d

Threat Level: Shows suspicious behavior

The file mips.elf was found to show suspicious behavior.

Malicious Activity Summary

Tags upx, discovery

Reads system routing table

UPX packed file

Reads system network configuration

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 15:23

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 15:23

Reported

2024-11-07 15:25

Platform

debian9-mipsbe-20240611-en

Max time kernel

146s

Max time network

151s

Command Line

[/tmp/mips.elf]

Signatures

Reads system routing table

discovery
Description Indicator Process Target
File opened for reading /proc/net/route /tmp/mips.elf N/A

Reads system network configuration

discovery
Description Indicator Process Target
File opened for reading /proc/net/route /tmp/mips.elf N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /tmp/mips.elf N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/Infected.log /tmp/mips.elf N/A

Processes

/tmp/mips.elf

[/tmp/mips.elf]

Network

Country Destination Domain Proto
DE 181.214.231.152:31130 tcp
(28 identical TCP connection records to this destination were logged during the detonation)

Files

memory/703-1-0x00400000-0x004a0b48-memory.dmp

/tmp/Infected.log

MD5 a70a5dde6f79eaea4e71c88b6a2ccc38
SHA1 92c0273c4be5d4b7bdbdd500de5a64e5e05652b2
SHA256 d087a5a10a09b589993d8cc44a24ef22db26ffd0feeeb3f29b15af008c292af8
SHA512 aaa7d00faa34a87292f23a16dae8a7a4b5a40c8e375a579f1286427819c2a04e1c6f970dbc0f2433e6c03f59a2ece0f28ba1e8fc526bc4afe77f176f61876c52