dd3aedbe6f95373ad7621c1714424bdadbca7fa90f8670f96b9bab90c873dc18

Analysis

max time kernel
124s
max time network
156s
platform
debian-12_mipsel
resource
debian12-mipsel-20240418-en
resource tags

arch:mipselimage:debian12-mipsel-20240418-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
22-12-2024 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37257ac4ac699fd4b99d3ccc48cc79bc65194d4f400c13faf026218396cf14da.elf
Size

95KB
MD5

7d5ac43f1458b7fe68f24287f9732fa8
SHA1

6f71e0c62e1bb10cfbfd0aae0606009cd79fe019
SHA256

37257ac4ac699fd4b99d3ccc48cc79bc65194d4f400c13faf026218396cf14da
SHA512

282e103cd331016d2df58543a37f3b8ab3ec073edcf88b8b1451330d34b45e2f79ef108eb27bae191eae4c336f97e842be239cc87ee509cb4ee23bfe071454e1
SSDEEP

1536:XJwbamjisDu7Xj0coVRolo5Ce3El0mqB+ZPEfKELUpiYwuV04ozd:XJca62TxBeUl0mW+Fwkozd

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (231619) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Unexpected DNS network traffic destination 11 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	202.61.197.122
Destination IP	168.138.12.137
Destination IP	80.152.203.134
Destination IP	185.181.61.24
Destination IP	152.53.15.127
Destination IP	51.158.108.203
Destination IP	168.235.111.72
Destination IP	213.202.211.221
Destination IP	217.160.70.42
Destination IP	194.36.144.87
Destination IP	185.181.61.24

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	[kdevtmpfs]	745	37257ac4ac699fd4b99d3ccc48cc79bc65194d4f400c13faf026218396cf14da.elf

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/mounts	37257ac4ac699fd4b99d3ccc48cc79bc65194d4f400c13faf026218396cf14da.elf

/tmp/37257ac4ac699fd4b99d3ccc48cc79bc65194d4f400c13faf026218396cf14da.elf
/tmp/37257ac4ac699fd4b99d3ccc48cc79bc65194d4f400c13faf026218396cf14da.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:745

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads