Overview

overview

7

Static

static

1

cve_2024_6387/386

ubuntu-24.04-amd64

7

cve_2024_6387/aarch64

ubuntu-22.04-amd64

7

cve_2024_6387/amd64

ubuntu-20.04-amd64

7

cve_2024_6387/arm5

debian-9-armhf

7

cve_2024_6387/arm6

debian-12-armhf

7

cve_2024_6387/arm7

debian-12-armhf

7

cve_2024_6...nup.sh

ubuntu-18.04-amd64

7

cve_2024_6...nup.sh

debian-9-armhf

7

cve_2024_6...nup.sh

debian-9-mips

7

cve_2024_6...nup.sh

debian-9-mipsel

7

cve_2024_6387/exploit

ubuntu-18.04-amd64

7

cve_2024_6...oit.py

windows7-x64

3

cve_2024_6...oit.py

windows10-2004-x64

3

cve_2024_6387/mips

debian-9-mips

3

cve_2024_6387/mips64

debian-9-mips

cve_2024_6...ps64el

debian-9-mipsel

cve_2024_6387/mipsel

debian-9-mipsel

3

Analysis

  • max time kernel
    109s
  • max time network
    169s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240611-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    23-11-2024 18:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cve_2024_6387/mipsel

  • Size

    5.6MB

  • MD5

    4ffce2d01ec451f990369781dc98d1b4

  • SHA1

    a67a00f6cb7f003504fe28d3265392a482727e0f

  • SHA256

    d0c443e61a1f050728572f6417261efc67b43e09b785c90d1ddca8214cdb3583

  • SHA512

    3a91c2f221e2ad50e6b01709d490c07e57b735aa415b2acfb49519ed6eac94509a182fcd68df91953b9d8f53ea0bbea2dd58730f192bfd4ad19d243d9de185bd

  • SSDEEP

    49152:Aur3a8E7Hc+zXubT3xFwLtVtNu9OKpjfsF:ZSbc+zXtEe

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates kernel/hardware configuration 1 TTPs 7 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

    discovery
  • Reads runtime system information 22 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • System Network Configuration Discovery 1 TTPs 2 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery

Processes

  • /tmp/cve_2024_6387/mipsel
    /tmp/cve_2024_6387/mipsel
    1⤵
    • Enumerates kernel/hardware configuration
    • System Network Configuration Discovery
    PID:738
    • /tmp/cve_2024_6387/mipsel
      /tmp/cve_2024_6387/mipsel " "
      2⤵
      • Enumerates kernel/hardware configuration
      • System Network Configuration Discovery
      PID:741
      • /usr/sbin/update-rc.d
        update-rc.d dns-udp4 defaults
        3⤵
          PID:754
          • /usr/local/sbin/systemctl
            systemctl daemon-reload
            4⤵
              PID:758
            • /usr/local/bin/systemctl
              systemctl daemon-reload
              4⤵
                PID:758
              • /usr/sbin/systemctl
                systemctl daemon-reload
                4⤵
                  PID:758
                • /usr/bin/systemctl
                  systemctl daemon-reload
                  4⤵
                    PID:758
                  • /sbin/systemctl
                    systemctl daemon-reload
                    4⤵
                      PID:758
                    • /bin/systemctl
                      systemctl daemon-reload
                      4⤵
                      • Enumerates kernel/hardware configuration
                      • Reads runtime system information
                      PID:758
                  • /bin/mount
                    mount -o bind /tmp/ /proc/741
                    3⤵
                    • Reads runtime system information
                    PID:760
                  • /usr/sbin/service
                    service cron start
                    3⤵
                      PID:762
                      • /usr/bin/basename
                        basename /usr/sbin/service
                        4⤵
                          PID:763
                        • /usr/bin/basename
                          basename /usr/sbin/service
                          4⤵
                            PID:765
                          • /bin/systemctl
                            systemctl --quiet is-active multi-user.target
                            4⤵
                            • Enumerates kernel/hardware configuration
                            • Reads runtime system information
                            PID:766
                          • /bin/systemctl
                            systemctl list-unit-files --full "--type=socket"
                            4⤵
                            • Enumerates kernel/hardware configuration
                            • Reads runtime system information
                            PID:768
                          • /bin/sed
                            sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
                            4⤵
                            • Reads runtime system information
                            PID:769
                        • /usr/local/sbin/systemctl
                          systemctl "--job-mode=ignore-dependencies" start cron.service
                          3⤵
                            PID:762
                          • /usr/local/bin/systemctl
                            systemctl "--job-mode=ignore-dependencies" start cron.service
                            3⤵
                              PID:762
                            • /usr/sbin/systemctl
                              systemctl "--job-mode=ignore-dependencies" start cron.service
                              3⤵
                                PID:762
                              • /usr/bin/systemctl
                                systemctl "--job-mode=ignore-dependencies" start cron.service
                                3⤵
                                  PID:762
                                • /sbin/systemctl
                                  systemctl "--job-mode=ignore-dependencies" start cron.service
                                  3⤵
                                    PID:762
                                  • /bin/systemctl
                                    systemctl "--job-mode=ignore-dependencies" start cron.service
                                    3⤵
                                    • Enumerates kernel/hardware configuration
                                    • Reads runtime system information
                                    PID:762
                                  • /bin/systemctl
                                    systemctl start crond.service
                                    3⤵
                                    • Enumerates kernel/hardware configuration
                                    • Reads runtime system information
                                    PID:772

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • /.mod
                                Filesize

                                27B

                                MD5

                                f449ef47c4f79ab4ecfe3d11022333d5

                                SHA1

                                61ebb524cee5a049cc96bf2cbf339a47dcb1b622

                                SHA256

                                503dffa20530956c5f61187e00935f20fe508c35dbb1fcf665b5d28d07d3d704

                                SHA512

                                a7015de8bd582dbf7ce6df708a58a725e1b1cd472c6616fbb89a9738c533c042ac39c071ca0cf2fc5df8e56f33bf8a28b1ebd3076570f5028cff773af89031f6

                                Download Submit

                              • /boot/system.pub
                                Filesize

                                5.6MB

                                MD5

                                4ffce2d01ec451f990369781dc98d1b4

                                SHA1

                                a67a00f6cb7f003504fe28d3265392a482727e0f

                                SHA256

                                d0c443e61a1f050728572f6417261efc67b43e09b785c90d1ddca8214cdb3583

                                SHA512

                                3a91c2f221e2ad50e6b01709d490c07e57b735aa415b2acfb49519ed6eac94509a182fcd68df91953b9d8f53ea0bbea2dd58730f192bfd4ad19d243d9de185bd

                                Download Submit

                              • /etc/.cfg
                                Filesize

                                57B

                                MD5

                                25bfc97b9241077f7ee65c9d5831c0ae

                                SHA1

                                4d1e84cfe6f0619642400cbcc77ee008d452f622

                                SHA256

                                7e18da2137e9453fd98ed61aa79420a173383b2f7a5fe6538b70fbb560f9b3f6

                                SHA512

                                e3686c1fe664e67fc503275c6c0fa831ee43c1b081d8f826a616314505e3f952f98a8697911d1799e3f8c1957cd3a1bb5f888766877e5081b32942a6f2d8bff3

                                Download Submit

                              • /etc/.cfg
                                Filesize

                                106B

                                MD5

                                7a7f06403af5e6debf4b6c0ede74567f

                                SHA1

                                d9a090bb3c328bf4a549d42319aedc2d5530cfb3

                                SHA256

                                4e13856d673a92e27815fde9375a64b9d66bc3995cd798ba154c7b1297dcf591

                                SHA512

                                d3c29d5658916f28c46edb223a1f51fe05eaa020754d2ab457a2823a66be47f41a74cc545ce5a3722eef9c50df64478d4bc9f310b8343860044cc30bd79daa76

                                Download Submit

                              • /etc/init.d/dns-udp4
                                Filesize

                                159B

                                MD5

                                79f1a0bf1a838c817142e43a5818733a

                                SHA1

                                768ed04a737dbdc969165092694e0e977321ca19

                                SHA256

                                a3f7d4499b03a14ff2de76122b6a61c221151f59daa6a63a78ae5a805c95a482

                                SHA512

                                b6d6f76f3e5b768a6670e05276724b70609259c856ba90ad34f8a782ac40134b9cf5cdabebb4aa55f076a786cedf8491adda9835f9d4aee90bd1820a45b2fbce

                                Download Submit

                              • /etc/profile.d/gateway.sh
                                Filesize

                                695B

                                MD5

                                1349367da0273898fa167dd0de581c9a

                                SHA1

                                af592a83ce9501daf8f5c67d89288ed6a623b952

                                SHA256

                                ef8d06e8bc49e78dd7ebd119765e537d59c4b7b7fd4a910360c70ed5acae521e

                                SHA512

                                8ffaf8893cc6ee8e7cc9f0c27371db8f1aa43c182a46f3439342500e9216ffe19c7b920294ab13e734f264477724b45b5b801038b357871c4c36f6ab99b028f2

                                Download Submit