Overview

overview

7

Static

static

1

cve_2024_6387/386

ubuntu-24.04-amd64

7

cve_2024_6387/aarch64

ubuntu-22.04-amd64

7

cve_2024_6387/amd64

ubuntu-20.04-amd64

7

cve_2024_6387/arm5

debian-9-armhf

7

cve_2024_6387/arm6

debian-12-armhf

7

cve_2024_6387/arm7

debian-12-armhf

7

cve_2024_6...nup.sh

ubuntu-18.04-amd64

7

cve_2024_6...nup.sh

debian-9-armhf

7

cve_2024_6...nup.sh

debian-9-mips

7

cve_2024_6...nup.sh

debian-9-mipsel

7

cve_2024_6387/exploit

ubuntu-18.04-amd64

7

cve_2024_6...oit.py

windows7-x64

3

cve_2024_6...oit.py

windows10-2004-x64

3

cve_2024_6387/mips

debian-9-mips

3

cve_2024_6387/mips64

debian-9-mips

cve_2024_6...ps64el

debian-9-mipsel

cve_2024_6387/mipsel

debian-9-mipsel

3

Analysis

  • max time kernel
    149s
  • max time network
    170s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240418-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    23-11-2024 18:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cve_2024_6387/mips

  • Size

    5.6MB

  • MD5

    35baf8244b9e96bae7a9a97df0c61188

  • SHA1

    c514efc4b6d0fe0672f6ddb30609a59587ac04d4

  • SHA256

    b51432d075111f86ee327fb9aa7aa7007b7ec35e4821f7308cf40029943719f7

  • SHA512

    8b73cf3a6ad9e6443fdd59ea00be182cb77816cefb54109cb489469c3eda9283b575a1b5f45336464309557911f19c4fc8ec2988413046f108cca92b74e028e6

  • SSDEEP

    49152:5QO0LQyjgECLOOVb3RZICE3Zxnw4RLjvAJ0ZHYVw/1W4aU5mPkIpWgT8IDw9bkpf:WRo7DpkRSmvnG

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates kernel/hardware configuration 1 TTPs 7 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

    discovery
  • Reads runtime system information 22 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • System Network Configuration Discovery 1 TTPs 2 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery

Processes

  • /tmp/cve_2024_6387/mips
    /tmp/cve_2024_6387/mips
    1⤵
    • Enumerates kernel/hardware configuration
    • System Network Configuration Discovery
    PID:738
    • /tmp/cve_2024_6387/mips
      /tmp/cve_2024_6387/mips " "
      2⤵
      • Enumerates kernel/hardware configuration
      • System Network Configuration Discovery
      PID:745
      • /usr/sbin/update-rc.d
        update-rc.d dns-udp4 defaults
        3⤵
          PID:757
          • /usr/local/sbin/systemctl
            systemctl daemon-reload
            4⤵
              PID:763
            • /usr/local/bin/systemctl
              systemctl daemon-reload
              4⤵
                PID:763
              • /usr/sbin/systemctl
                systemctl daemon-reload
                4⤵
                  PID:763
                • /usr/bin/systemctl
                  systemctl daemon-reload
                  4⤵
                    PID:763
                  • /sbin/systemctl
                    systemctl daemon-reload
                    4⤵
                      PID:763
                    • /bin/systemctl
                      systemctl daemon-reload
                      4⤵
                      • Enumerates kernel/hardware configuration
                      • Reads runtime system information
                      PID:763
                  • /bin/mount
                    mount -o bind /tmp/ /proc/745
                    3⤵
                    • Reads runtime system information
                    PID:765
                  • /usr/sbin/service
                    service cron start
                    3⤵
                      PID:767
                      • /usr/bin/basename
                        basename /usr/sbin/service
                        4⤵
                          PID:768
                        • /usr/bin/basename
                          basename /usr/sbin/service
                          4⤵
                            PID:769
                          • /bin/systemctl
                            systemctl --quiet is-active multi-user.target
                            4⤵
                            • Enumerates kernel/hardware configuration
                            • Reads runtime system information
                            PID:771
                          • /bin/sed
                            sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
                            4⤵
                            • Reads runtime system information
                            PID:775
                          • /bin/systemctl
                            systemctl list-unit-files --full "--type=socket"
                            4⤵
                            • Enumerates kernel/hardware configuration
                            • Reads runtime system information
                            PID:774
                        • /usr/local/sbin/systemctl
                          systemctl "--job-mode=ignore-dependencies" start cron.service
                          3⤵
                            PID:767
                          • /usr/local/bin/systemctl
                            systemctl "--job-mode=ignore-dependencies" start cron.service
                            3⤵
                              PID:767
                            • /usr/sbin/systemctl
                              systemctl "--job-mode=ignore-dependencies" start cron.service
                              3⤵
                                PID:767
                              • /usr/bin/systemctl
                                systemctl "--job-mode=ignore-dependencies" start cron.service
                                3⤵
                                  PID:767
                                • /sbin/systemctl
                                  systemctl "--job-mode=ignore-dependencies" start cron.service
                                  3⤵
                                    PID:767
                                  • /bin/systemctl
                                    systemctl "--job-mode=ignore-dependencies" start cron.service
                                    3⤵
                                    • Enumerates kernel/hardware configuration
                                    • Reads runtime system information
                                    PID:767
                                  • /bin/systemctl
                                    systemctl start crond.service
                                    3⤵
                                    • Enumerates kernel/hardware configuration
                                    • Reads runtime system information
                                    PID:777

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • /.mod
                                Filesize

                                27B

                                MD5

                                f449ef47c4f79ab4ecfe3d11022333d5

                                SHA1

                                61ebb524cee5a049cc96bf2cbf339a47dcb1b622

                                SHA256

                                503dffa20530956c5f61187e00935f20fe508c35dbb1fcf665b5d28d07d3d704

                                SHA512

                                a7015de8bd582dbf7ce6df708a58a725e1b1cd472c6616fbb89a9738c533c042ac39c071ca0cf2fc5df8e56f33bf8a28b1ebd3076570f5028cff773af89031f6

                                Download Submit

                              • /boot/system.pub
                                Filesize

                                5.6MB

                                MD5

                                35baf8244b9e96bae7a9a97df0c61188

                                SHA1

                                c514efc4b6d0fe0672f6ddb30609a59587ac04d4

                                SHA256

                                b51432d075111f86ee327fb9aa7aa7007b7ec35e4821f7308cf40029943719f7

                                SHA512

                                8b73cf3a6ad9e6443fdd59ea00be182cb77816cefb54109cb489469c3eda9283b575a1b5f45336464309557911f19c4fc8ec2988413046f108cca92b74e028e6

                                Download Submit

                              • /etc/.cfg
                                Filesize

                                57B

                                MD5

                                25bfc97b9241077f7ee65c9d5831c0ae

                                SHA1

                                4d1e84cfe6f0619642400cbcc77ee008d452f622

                                SHA256

                                7e18da2137e9453fd98ed61aa79420a173383b2f7a5fe6538b70fbb560f9b3f6

                                SHA512

                                e3686c1fe664e67fc503275c6c0fa831ee43c1b081d8f826a616314505e3f952f98a8697911d1799e3f8c1957cd3a1bb5f888766877e5081b32942a6f2d8bff3

                                Download Submit

                              • /etc/.cfg
                                Filesize

                                106B

                                MD5

                                8b5fa5c6720f34211590be9e4381211e

                                SHA1

                                6747f1c9405fe23a3a003d5a2ba89872c62fb180

                                SHA256

                                dda4036fbf9ad979af96e972eafba2a713f3f2dd1773c865b8d22e25d56c6bd2

                                SHA512

                                cc4b7b6bf732a7706a79ec097ff7b30cfcf4866b0a991c8c2bee68216ee1af3b10c3cec4772a636b973afcf4c6f1ce23adf20b431ba38167fce309382237d2d3

                                Download Submit

                              • /etc/init.d/dns-udp4
                                Filesize

                                159B

                                MD5

                                79f1a0bf1a838c817142e43a5818733a

                                SHA1

                                768ed04a737dbdc969165092694e0e977321ca19

                                SHA256

                                a3f7d4499b03a14ff2de76122b6a61c221151f59daa6a63a78ae5a805c95a482

                                SHA512

                                b6d6f76f3e5b768a6670e05276724b70609259c856ba90ad34f8a782ac40134b9cf5cdabebb4aa55f076a786cedf8491adda9835f9d4aee90bd1820a45b2fbce

                                Download Submit

                              • /etc/profile.d/gateway.sh
                                Filesize

                                693B

                                MD5

                                b7277f1ec809fe668f254a10ced3a803

                                SHA1

                                eec8ebbc904eb25fac0dbd906d8aa3373fad581d

                                SHA256

                                71c592d47ff5c0225b3fcc7653a58491e546af622316032743ec57776818671c

                                SHA512

                                36eaa131b3f17a94621d947eeaa4ddbe3930754f1066ce2bd827db6b381bda1ed7ceb7e64e51802ab93aff3167617ff88f45ec68208fe373cb3e46a6c7cee904

                                Download Submit