30aafebbfbe471b83a1aa51bc0a2d9ad5f11211ee5a51c9e0461b918577fd327

Analysis

max time kernel
97s
max time network
156s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
13-12-2024 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mips.elf
Size

177KB
MD5

a8b7e629e9c1debcf53aff3ba95a3077
SHA1

0bb0a12147480fe0b158f932f78ec09ad19a38c6
SHA256

30aafebbfbe471b83a1aa51bc0a2d9ad5f11211ee5a51c9e0461b918577fd327
SHA512

62d52e69edf3038233ab9db187071fa2b4e60e88007da42107a723c845acfcc2ad881ab53fc0d9a96d4bfa49aff83177843f796d8e449aff3c96b58f0361d7c5
SSDEEP

3072:z6uSXvJnzjP0X/Ozpyi579Y5y5mt4Ontw6qux5/rpgB:z6uSXvJnvP0vOzYiAA0n/q65zpG

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	698	mips.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/806/cmdline	mips.elf
File opened for reading	/proc/373/cmdline	mips.elf
File opened for reading	/proc/691/cmdline	mips.elf
File opened for reading	/proc/751/cmdline	mips.elf
File opened for reading	/proc/803/cmdline	mips.elf
File opened for reading	/proc/708/cmdline	mips.elf
File opened for reading	/proc/734/cmdline	mips.elf
File opened for reading	/proc/772/cmdline	mips.elf
File opened for reading	/proc/798/cmdline	mips.elf
File opened for reading	/proc/8/cmdline	mips.elf
File opened for reading	/proc/37/cmdline	mips.elf
File opened for reading	/proc/316/cmdline	mips.elf
File opened for reading	/proc/695/cmdline	mips.elf
File opened for reading	/proc/778/cmdline	mips.elf
File opened for reading	/proc/800/cmdline	mips.elf
File opened for reading	/proc/7/cmdline	mips.elf
File opened for reading	/proc/69/cmdline	mips.elf
File opened for reading	/proc/729/cmdline	mips.elf
File opened for reading	/proc/738/cmdline	mips.elf
File opened for reading	/proc/794/cmdline	mips.elf
File opened for reading	/proc/2/cmdline	mips.elf
File opened for reading	/proc/10/cmdline	mips.elf
File opened for reading	/proc/713/cmdline	mips.elf
File opened for reading	/proc/766/cmdline	mips.elf
File opened for reading	/proc/754/cmdline	mips.elf
File opened for reading	/proc/775/cmdline	mips.elf
File opened for reading	/proc/70/cmdline	mips.elf
File opened for reading	/proc/76/cmdline	mips.elf
File opened for reading	/proc/724/cmdline	mips.elf
File opened for reading	/proc/725/cmdline	mips.elf
File opened for reading	/proc/773/cmdline	mips.elf
File opened for reading	/proc/776/cmdline	mips.elf
File opened for reading	/proc/786/cmdline	mips.elf
File opened for reading	/proc/796/cmdline	mips.elf
File opened for reading	/proc/11/cmdline	mips.elf
File opened for reading	/proc/479/cmdline	mips.elf
File opened for reading	/proc/764/cmdline	mips.elf
File opened for reading	/proc/769/cmdline	mips.elf
File opened for reading	/proc/768/cmdline	mips.elf
File opened for reading	/proc/19/cmdline	mips.elf
File opened for reading	/proc/722/cmdline	mips.elf
File opened for reading	/proc/757/cmdline	mips.elf
File opened for reading	/proc/761/cmdline	mips.elf
File opened for reading	/proc/732/cmdline	mips.elf
File opened for reading	/proc/750/cmdline	mips.elf
File opened for reading	/proc/9/cmdline	mips.elf
File opened for reading	/proc/697/cmdline	mips.elf
File opened for reading	/proc/704/cmdline	mips.elf
File opened for reading	/proc/726/cmdline	mips.elf
File opened for reading	/proc/787/cmdline	mips.elf
File opened for reading	/proc/1/cmdline	mips.elf
File opened for reading	/proc/701/cmdline	mips.elf
File opened for reading	/proc/739/cmdline	mips.elf
File opened for reading	/proc/756/cmdline	mips.elf
File opened for reading	/proc/318/cmdline	mips.elf
File opened for reading	/proc/478/cmdline	mips.elf
File opened for reading	/proc/797/cmdline	mips.elf
File opened for reading	/proc/12/cmdline	mips.elf
File opened for reading	/proc/690/cmdline	mips.elf
File opened for reading	/proc/719/cmdline	mips.elf
File opened for reading	/proc/789/cmdline	mips.elf
File opened for reading	/proc/763/cmdline	mips.elf
File opened for reading	/proc/783/cmdline	mips.elf
File opened for reading	/proc/807/cmdline	mips.elf

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
698	mips.elf

/tmp/mips.elf
/tmp/mips.elf
1⤵
- Changes its process name
- Reads runtime system information
- System Network Configuration Discovery
PID:698

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads