8ee9e64a5483c47f828fa03ec358c8fee326ffc8c6848156687b77415f263765

Analysis

max time kernel
151s
max time network
155s
platform
debian-12_mipsel
resource
debian12-mipsel-20240729-en
resource tags

arch:mipselimage:debian12-mipsel-20240729-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
15-11-2024 23:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MipsLinuxTF.elf
Size

358KB
MD5

9afbecbbc29961b5b34baaa29b3c5f02
SHA1

1272e1eea25ab4a9d6b9bb764b3d87942b903716
SHA256

8ee9e64a5483c47f828fa03ec358c8fee326ffc8c6848156687b77415f263765
SHA512

c0f05e023211c492d942e1ddff7c9a51fd0c6cc86bc4e844319a9d7f0bd53af55c067848dc7fbbf8348a9a3b792477a4f817713c2f001d7f09de6742ed7bde53
SSDEEP

6144:YCWUWbbMK14mECiqWmOaC1ztPASfIOV68eU1fY5hEQrDh895BtLyhbkMOzqTFSAZ:jvqOyURY55PYOhbkMOGTc6z9FmiIuCYp

Score

7^/10

antivm defense_evasion discovery execution

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 4 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
744	sh
747	chmod
756	sh
759	chmod

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

System Checks

T1497.001

description	ioc	Process
File opened for reading	/proc/cpuinfo	MipsLinuxTF.elf

Command and Scripting Interpreter: Unix Shell 1 TTPs 7 IoCs

Execute scripts via Unix Shell.

execution

Unix Shell

T1059.004

pid	Process
750	sh
762	sh
768	sh
774	sh
779	sh
782	sh
789	sh

Reads runtime system information 8 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/stat	MipsLinuxTF.elf
File opened for reading	/proc/filesystems	mv
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed

System Network Configuration Discovery 1 TTPs 11 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
784	sed
789	sh
791	sed
743	MipsLinuxTF.elf
782	sh
774	sh
776	sed
779	sh
781	sed
750	sh
752	mv

/tmp/MipsLinuxTF.elf
/tmp/MipsLinuxTF.elf
1⤵
- Checks CPU configuration
- Reads runtime system information
- System Network Configuration Discovery
PID:743
- /bin/sh
  /bin/sh -c "chmod +x /etc/rc.local"
  2⤵
  - File and Directory Permissions Modification
  PID:744
- - /usr/bin/chmod
    chmod +x /etc/rc.local
    3⤵
    - File and Directory Permissions Modification
    PID:747
- /bin/sh
  /bin/sh -c "mv /tmp/MipsLinuxTF.elf /etc/MipsLinuxTF.elf"
  2⤵
  - Command and Scripting Interpreter: Unix Shell
  - System Network Configuration Discovery
  PID:750
- - /usr/bin/mv
    mv /tmp/MipsLinuxTF.elf /etc/MipsLinuxTF.elf
    3⤵
    - Reads runtime system information
    - System Network Configuration Discovery
    PID:752
- /bin/sh
  /bin/sh -c "cd /etc;chmod 777 MipsLinuxTF.elf"
  2⤵
  - File and Directory Permissions Modification
  PID:756
- - /usr/bin/chmod
    chmod 777 MipsLinuxTF.elf
    3⤵
    - File and Directory Permissions Modification
    PID:759
- /bin/sh
  /bin/sh -c "sed -i -e '/exit/d' /etc/rc.local"
  2⤵
  - Command and Scripting Interpreter: Unix Shell
  PID:762
- - /usr/bin/sed
    sed -i -e /exit/d /etc/rc.local
    3⤵
    - Reads runtime system information
    PID:765
- /bin/sh
  /bin/sh -c "sed -i -e '/^ | | \$/d' /etc/rc.local"
  2⤵
  - Command and Scripting Interpreter: Unix Shell
  PID:768
- - /usr/bin/sed
    sed -i -e "/^ | | \$/d" /etc/rc.local
    3⤵
    - Reads runtime system information
    PID:771
- /bin/sh
  /bin/sh -c "sed -i -e '/MipsLinuxTF.elf/d' /etc/rc.local"
  2⤵
  - Command and Scripting Interpreter: Unix Shell
  - System Network Configuration Discovery
  PID:774
- - /usr/bin/sed
    sed -i -e /MipsLinuxTF.elf/d /etc/rc.local
    3⤵
    - Reads runtime system information
    - System Network Configuration Discovery
    PID:776
- /bin/sh
  /bin/sh -c "sed -i -e '2 i/etc/MipsLinuxTF.elf reboot' /etc/rc.local"
  2⤵
  - Command and Scripting Interpreter: Unix Shell
  - System Network Configuration Discovery
  PID:779
- - /usr/bin/sed
    sed -i -e "2 i/etc/MipsLinuxTF.elf reboot" /etc/rc.local
    3⤵
    - Reads runtime system information
    - System Network Configuration Discovery
    PID:781
- /bin/sh
  /bin/sh -c "sed -i -e '2 i/etc/MipsLinuxTF.elf start' /etc/rc.d/rc.local"
  2⤵
  - Command and Scripting Interpreter: Unix Shell
  - System Network Configuration Discovery
  PID:782
- - /usr/bin/sed
    sed -i -e "2 i/etc/MipsLinuxTF.elf start" /etc/rc.d/rc.local
    3⤵
    - Reads runtime system information
    - System Network Configuration Discovery
    PID:784
- /bin/sh
  /bin/sh -c "sed -i -e '2 i/etc/MipsLinuxTF.elf start' /etc/init.d/boot.local"
  2⤵
  - Command and Scripting Interpreter: Unix Shell
  - System Network Configuration Discovery
  PID:789
- - /usr/bin/sed
    sed -i -e "2 i/etc/MipsLinuxTF.elf start" /etc/init.d/boot.local
    3⤵
    - Reads runtime system information
    - System Network Configuration Discovery
    PID:791