Analysis
  max time kernel:  151s
  max time network: 163s
  platform:         debian-12_mipsel
  resource:         debian12-mipsel-20240221-en
  resource tags:    arch:mipsel, image:debian12-mipsel-20240221-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
  submitted:        17-12-2024 04:25
Behavioral task: behavioral1
  Sample:   b9c2326f4b414646be35eb41f2606980c180a5ea78826ef7920bba190e98fb05.elf
  Resource: debian12-mipsel-20240221-en
General
  Target: b9c2326f4b414646be35eb41f2606980c180a5ea78826ef7920bba190e98fb05.elf
  Size:   82KB
  MD5:    3522a0c3157353be36cedf472b491c49
  SHA1:   e3ead805256cd1697c04c12ff4bc4c838bc7d8e0
  SHA256: b9c2326f4b414646be35eb41f2606980c180a5ea78826ef7920bba190e98fb05
  SHA512: fb1cac830174b9003506545e1c85652b8c4cc570a8cc17d84cdef690cf9512cbba8bdfb9daab25ead32eb3296d1b2d6097b845467dab501d5069e4080502a877
  SSDEEP: 1536:iVLyu95KRJkj752dCexuV/8UZlDwfkJ4MYfWy:iVLyMgGFezxu5VD1eX
Malware Config

Signatures
  - Contacts a large (34288) amount of remote hosts  [1 TTPs]
    This may indicate a network scan to discover remotely running services.

  - Creates a large amount of network flows  [1 TTPs]
    This may indicate a network scan to discover remotely running services.

  - File and Directory Permissions Modification  [1 TTPs, 2 IoCs]
    Adversaries may modify file or directory permissions to evade defenses.
      pid   Process
      742   sh
      756   chmod

  - Changes its process name  [1 IoCs]
      description                                                       ioc            pid   Process
      Changes the process name, possibly in an attempt to hide itself   /bin/systemd   741   b9c2326f4b414646be35eb41f2606980c180a5ea78826ef7920bba190e98fb05.elf

  - Reads runtime system information  (signature name taken from the process tree below; the report's own heading for this table was lost)
      description               ioc                 Process
      File opened for reading   /proc/filesystems   mkdir
      File opened for reading   /proc/filesystems   mv

  - Writes file to tmp directory  [1 IoCs]
    Malware often drops required files in the /tmp directory.
      description                    ioc                Process
      File opened for modification   /tmp/bin/systemd   sh
Processes (indentation shows parent/child depth)

  [1] /tmp/b9c2326f4b414646be35eb41f2606980c180a5ea78826ef7920bba190e98fb05.elf  (PID 741)
      command:    /tmp/b9c2326f4b414646be35eb41f2606980c180a5ea78826ef7920bba190e98fb05.elf
      signatures: Changes its process name

    [2] /bin/sh  (PID 742)
        command:    sh -c "rm -rf bin/systemd && mkdir bin; >bin/systemd && mv /tmp/b9c2326f4b414646be35eb41f2606980c180a5ea78826ef7920bba190e98fb05.elf bin/systemd; chmod 777 bin/systemd"
        signatures: File and Directory Permissions Modification; Writes file to tmp directory

      [3] /usr/bin/rm  (PID 745)
          command:    rm -rf bin/systemd

      [3] /usr/bin/mkdir  (PID 747)
          command:    mkdir bin
          signatures: Reads runtime system information

      [3] /usr/bin/mv  (PID 751)
          command:    mv /tmp/b9c2326f4b414646be35eb41f2606980c180a5ea78826ef7920bba190e98fb05.elf bin/systemd
          signatures: Reads runtime system information

      [3] /usr/bin/chmod  (PID 756)
          command:    chmod 777 bin/systemd
          signatures: File and Directory Permissions Modification