c1916587699fe975eb4d206cedb6be5dbae99ad4ea8426f08117c7f23dbb7d22

Analysis

max time kernel
103s
max time network
138s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
21-12-2024 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1916587699fe975eb4d206cedb6be5dbae99ad4ea8426f08117c7f23dbb7d22.elf
Size

83KB
MD5

9232a514454eaa6e6d5a4a742a9c4fdd
SHA1

1af8a8b2d2138b901524f1286e9402e59ffb4512
SHA256

c1916587699fe975eb4d206cedb6be5dbae99ad4ea8426f08117c7f23dbb7d22
SHA512

49b5e2ceefb72dffb2e196d5358a97d159ba9ddeb5f241e0ff432985b1e95fcb30453c8ebad1d2e2f62de4b83b6936dca2d78ad3c243cf3ea9cdd177970c14aa
SSDEEP

1536:IjEf1x6aVaqVazoaUIFt2A+yDgBqviTx3Sifel8owsJef4pnwgfzv/:Lfn6HtJgSi8iuwsSgfzv/

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (194543) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Unexpected DNS network traffic destination 6 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	51.158.108.203
Destination IP	81.169.136.222
Destination IP	213.202.211.221
Destination IP	109.91.184.21
Destination IP	168.235.111.72
Destination IP	109.91.184.21

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/usr/sbin/sshd	714	c1916587699fe975eb4d206cedb6be5dbae99ad4ea8426f08117c7f23dbb7d22.elf

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/mounts	c1916587699fe975eb4d206cedb6be5dbae99ad4ea8426f08117c7f23dbb7d22.elf

/tmp/c1916587699fe975eb4d206cedb6be5dbae99ad4ea8426f08117c7f23dbb7d22.elf
/tmp/c1916587699fe975eb4d206cedb6be5dbae99ad4ea8426f08117c7f23dbb7d22.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:714

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads