Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags
    arch:mips
    image:debian9-mipsbe-20240611-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    09-11-2024 07:09

General

  • Target

    smips.elf

  • Size

    74KB

  • MD5

    dba1fe2fcfd095a8c8efe63da0c58a79

  • SHA1

    0a39b195924eebe435431515582ba77f14ed7ed2

  • SHA256

    357c1f7cc005afb26f98b1702f50f3e5aced48cb2b7385c39c45470ba9af29f5

  • SHA512

    622d1e94c990fd12fd9f94b5367041ecbd595d6b883237d991dbf488ab7e5529eac7632fddec821af14620131c6331da397905cc340347bbc769a3f579ee592f

  • SSDEEP

    1536:REyfecuDbjdpKc1iIhOCt1izHcmkGgr7ro7rWlrSbVL4ZbP+KVp:1W10ImkGggL4ZCKD

Score
9/10

Signatures

  • Contacts a large number (70721) of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Creates a large number of network flows (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Deletes itself (1 IoC)
  • Unexpected DNS network traffic destination (17 IoCs)

    Network traffic on the DNS port to servers other than the configured DNS servers was detected.

  • Checks hardware identifiers (DMI) (1 TTP, 1 IoC)

    Checks DMI information that indicates whether the system is a virtual machine.

  • System Network Configuration Discovery (1 TTP, 1 IoC)

    Adversaries may gather information about the network configuration of a system.

Processes

  • /tmp/smips.elf (PID 697)
    Command line: /tmp/smips.elf
    • Deletes itself
    • Checks hardware identifiers (DMI)
    • System Network Configuration Discovery

MITRE ATT&CK Enterprise v15
