4293af8935a04810c1a0edf22120d6780b8fc31cb9ed0e1ba6306fdff15e03c9

Analysis

max time kernel
49s
max time network
143s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
21-12-2024 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nshkmips.elf
Size

91KB
MD5

3e28033a1dd0ba3934530dd900d53456
SHA1

ef4666b2655feade63925a546f2fc9e2a86269d7
SHA256

4293af8935a04810c1a0edf22120d6780b8fc31cb9ed0e1ba6306fdff15e03c9
SHA512

73c5b7ef016a91bd7bef7e051e21c580fb6831bf621530b1a24bf1a3b095127d61b6290e791835caf7ac2cf0f733c4460781b6b1040cea1558f24e0385ff0de4
SSDEEP

1536:w4PToD4rofjA/CFEsQ3HZW6ZWmuW5SU/WFfqLMxYkGCC0yxe3xKTRh5zCQ:wGXx/CbQ3HSqkYkGC3yJFh5zCQ

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (151942) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	51.158.108.203
Destination IP	152.53.15.127
Destination IP	185.181.61.24
Destination IP	185.181.61.24

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/usr/sbin/ntpd	707	nshkmips.elf

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/mounts	nshkmips.elf

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
707	nshkmips.elf

/tmp/nshkmips.elf
/tmp/nshkmips.elf
1⤵
- Changes its process name
- Reads runtime system information
- System Network Configuration Discovery
PID:707

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads