Analysis
-
max time kernel
122s -
max time network
167s -
platform
debian-12_mipsel -
resource
debian12-mipsel-20240221-en -
resource tags
-
submitted
21-12-2024 02:58
General
-
Target
b1afe19d92ceafc19868ceaaff7ca91d415f7e02106e127a21e0944e2ebf9f24.elf
-
Size
95KB
-
MD5
2b671c0e7ee1068632e6d2ff298c7486
-
SHA1
dc3d668edbe45dedc44460ec4878c0025063de01
-
SHA256
b1afe19d92ceafc19868ceaaff7ca91d415f7e02106e127a21e0944e2ebf9f24
-
SHA512
d8e546396aebd33072b47fb5a0608c30ceae15524fb48f03deec2325e881959dd724d6deda9eb363ffc8484bbad6dd0335dd2f0b1f75ac54838e752d12a15843
-
SSDEEP
1536:69gBeHbiMX4cHa0aZL/TsUAd/7MnneIOAPZ6y1Dib9pJkq5ODXuzALzZ:69gBqtXpHgCzMnneI3P012XuzA5
Score
9/10
Malware Config
Signatures
-
Contacts a large (227519) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Unexpected DNS network traffic destination 4 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Changes its process name 1 IoCs
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/b1afe19d92ceafc19868ceaaff7ca91d415f7e02106e127a21e0944e2ebf9f24.elf/tmp/b1afe19d92ceafc19868ceaaff7ca91d415f7e02106e127a21e0944e2ebf9f24.elf1⤵
- Changes its process name
- Reads runtime system information