Analysis
max time kernel: 150s
max time network: 154s
platform: debian-9_mips
resource: debian9-mipsbe-20240611-en
resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 09-11-2024 07:09
Static task: static1
General
Target: smips.elf
Size: 74KB
MD5: dba1fe2fcfd095a8c8efe63da0c58a79
SHA1: 0a39b195924eebe435431515582ba77f14ed7ed2
SHA256: 357c1f7cc005afb26f98b1702f50f3e5aced48cb2b7385c39c45470ba9af29f5
SHA512: 622d1e94c990fd12fd9f94b5367041ecbd595d6b883237d991dbf488ab7e5529eac7632fddec821af14620131c6331da397905cc340347bbc769a3f579ee592f
SSDEEP: 1536:REyfecuDbjdpKc1iIhOCt1izHcmkGgr7ro7rWlrSbVL4ZbP+KVp:1W10ImkGggL4ZCKD
Malware Config
Signatures
Contacts a large (70721) amount of remote hosts (1 TTP)
This may indicate a network scan to discover remotely running services.
Creates a large amount of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.
Deletes itself (1 IoC)
Processes: smips.elf (pid 697)
Unexpected DNS network traffic destination (17 IoCs)
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Checks hardware identifiers (DMI) (1 TTP, 1 IoC)
Checks DMI information which indicates whether the system is a virtual machine.
Processes: smips.elf
description: File opened for reading; ioc: /sys/devices/virtual/dmi/id/sys_vendor; process: smips.elf
System Network Configuration Discovery (1 TTP, 1 IoC)
Adversaries may gather information about the network configuration of a system.