4861dc86e0eef13b546d4a6e69e1f9ada2a81ee13bf4c2a4f55f381e6c4a2c72

Analysis

max time kernel
7s
platform
debian-9_mipsel
resource
debian9-mipsel-20240729-en
resource tags

arch:mipselimage:debian9-mipsel-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
25-11-2024 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

platforms/aix/local/4232.sh
Size

635B
MD5

a3546946df48b2c8403d47b61e0c329f
SHA1

6f631ee5481c1d31041b72a4fb8dbca1788419c0
SHA256

6dd9464a2091f42438f09c9aa668fa0133837ec281e576db9778a23b0cb9018f
SHA512

0b83d1409ecfd3013dbe652b8d5b15a52602096e1fd71701c2d64179dbddb8eccc50002fc76acb759f57e173431e2a16a2b5f12dbce768017ccf6f826afac7c3

Score

3^/10

discovery

Malware Config

Signatures

System Network Configuration Discovery 1 TTPs 4 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
748	as
748	as
748	as
748	as

Writes file to tmp directory 11 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/ccjIRoUt.s	gcc
File opened for modification	/tmp/ccjIRoUt.s	cc1
File opened for modification	/tmp/cceRKV0U.o	gcc
File opened for modification	/tmp/cceRKV0U.o	as
File opened for modification	/tmp/cc1VniqE.res	gcc
File opened for modification	/tmp/ccQ7VYlS.o	collect2
File opened for modification	/tmp/ccIrM6pJ.ld	collect2
File opened for modification	/tmp/platforms/aix/local/piolib.c	4232.sh
File opened for modification	/tmp/cc4Ggpb1.c	collect2
File opened for modification	/tmp/ccAJlKGA.le	collect2
File opened for modification	/tmp/platforms/aix/local/piolib	ld

/tmp/platforms/aix/local/4232.sh
/tmp/platforms/aix/local/4232.sh
1⤵
- Writes file to tmp directory
PID:736
- /bin/cat
  cat
  2⤵
  PID:737
- /usr/bin/gcc
  gcc piolib.c -o piolib -shared -fPIC
  2⤵
  - Writes file to tmp directory
  PID:738
- - /usr/lib/gcc/mipsel-linux-gnu/6/cc1
    /usr/lib/gcc/mipsel-linux-gnu/6/cc1 -quiet -imultiarch mipsel-linux-gnu piolib.c -mel -quiet -dumpbase piolib.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mno-madd4 -mips32r2 "-mabi=32" -auxbase piolib -fPIC -o /tmp/ccjIRoUt.s
    3⤵
    - Writes file to tmp directory
    PID:739
- - /usr/local/sbin/as
    as -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cceRKV0U.o /tmp/ccjIRoUt.s
    3⤵
    - System Network Configuration Discovery
    PID:748
- - /usr/local/bin/as
    as -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cceRKV0U.o /tmp/ccjIRoUt.s
    3⤵
    - System Network Configuration Discovery
    PID:748
- - /usr/sbin/as
    as -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cceRKV0U.o /tmp/ccjIRoUt.s
    3⤵
    - System Network Configuration Discovery
    PID:748
- - /usr/bin/as
    as -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cceRKV0U.o /tmp/ccjIRoUt.s
    3⤵
    - System Network Configuration Discovery
    - Writes file to tmp directory
    PID:748
- - /usr/lib/gcc/mipsel-linux-gnu/6/collect2
    /usr/lib/gcc/mipsel-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mipsel-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mipsel-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cc1VniqE.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EL -mips32r2 -shared -melf32ltsmip -o piolib /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mipsel-linux-gnu/6 -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/6/../../.. /tmp/cceRKV0U.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mipsel-linux-gnu/6/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crtn.o
    3⤵
    - Writes file to tmp directory
    PID:751
  - - /usr/bin/ld
      /usr/bin/ld -plugin /usr/lib/gcc/mipsel-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mipsel-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cc1VniqE.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EL -mips32r2 -shared -melf32ltsmip -o piolib /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mipsel-linux-gnu/6 -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/6/../../.. /tmp/cceRKV0U.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mipsel-linux-gnu/6/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crtn.o
      4⤵
      Writes file to tmp directory
      PID:753
- /usr/lpd/pio/etc/pioout
  /usr/lpd/pio/etc/pioout -R ./piolib
  2⤵
  PID:762
- /bin/rm
  rm -f piolib.c piolib
  2⤵
  PID:763

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/cceRKV0U.o

Filesize
2KB

MD5
a68bca23711ff07c64d9dfe93a8cf9f5

SHA1
ac0c6a9403c9bb695835f3c3e404b1c6c6b190fc

SHA256
e2442361f221d53439d06a2e1740b535418a903108a3ce035d184162b149887f

SHA512
34128731ae2f86558042f6dfb5dac0a6dfaba6e4ae5e3058abb3772a10087f2cabd54eb0bc97e51281959f0090143a4b28e8b19bf514cb1839eb91e664409937

Download Submit
/tmp/ccjIRoUt.s

Filesize
1KB

MD5
0525d7a2f4a193325fc83ec21613a45c

SHA1
69e4b9364cb6b25ec4a15a0efc9d97d29a444ec8

SHA256
c784e7ba262e78b7e0353402be7fb1b76d2bbc9aed1892df0e7adfa21609fd2e

SHA512
8016d9265ac5b8b495d0697f14f4ee2929add0362f7edeb2fd59a9fbc08908067cfb62d6aa750819e2aba494fb195c4b9152e42ec237d455472a9104d1308944

Download Submit
/tmp/platforms/aix/local/piolib

Filesize
5KB

MD5
0d9fb1571f108e68a61809e5e131b7e1

SHA1
6999377ef3cd3496051ec0fd48195c12c055b491

SHA256
f4d589fe925db3d1869307471029d4d49be49be418790f9c5cae7a47d7960349

SHA512
3e28bc0b2c87d9e03dd60a5118fce37561002e7fc008be867767d6baecf514542922509eb913c8fc02c39a2e5d550179d28ef7b9f69be9276e5e8bf3244f92a8

Download Submit
/tmp/platforms/aix/local/piolib.c

Filesize
273B

MD5
7d7d2ea6cde42ce582f464e4436246b9

SHA1
e902c4c205bff6e4e03506159d35891d68edbd62

SHA256
dee8d23345dc1b1f2ab6c126a3aa9d03800164e90d8f0823be48296ba6bce036

SHA512
8539d0ca0b56e8cbcf1d3a2e71db0b9aec4ff949dc9bae54657ecc87e94eeea3eee5d9b442c4c670142c6cd1fb48c568cab65dcf4f31ff4bab4ab2e60844f4d2

Download Submit