Analysis
-
max time kernel
66s -
max time network
156s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
-
submitted
22-12-2024 02:20
General
-
Target
875ec9e70673f8049e02d6d061e6bec597dbe68ccb31cfdaad54d2c05b6d1c7b.elf
-
Size
95KB
-
MD5
5f9077245a8bd881f4a484ede89d6e4d
-
SHA1
ad002c54c920ba8a336e41dd6638b9ed6bc13f62
-
SHA256
875ec9e70673f8049e02d6d061e6bec597dbe68ccb31cfdaad54d2c05b6d1c7b
-
SHA512
2140fad63ffffef28c978d74a6414f776b9ecd0d199502f533f081c5d4a4666cd90f8acbc501ba626d084bc1c8ac15671487e5b855546553b9f4fedf8d465cbd
-
SSDEEP
1536:NO7ijkRfjMudJkVlFCxFCSiCJ6TPPb/0ggyTjhnnVQ6e9P0DRdz3u:HYyuIVB70KTjhnVQ8Rdz3u
Score
9/10
Malware Config
Signatures
-
Contacts a large (103698) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Unexpected DNS network traffic destination 9 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Changes its process name 1 IoCs
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/875ec9e70673f8049e02d6d061e6bec597dbe68ccb31cfdaad54d2c05b6d1c7b.elf/tmp/875ec9e70673f8049e02d6d061e6bec597dbe68ccb31cfdaad54d2c05b6d1c7b.elf1⤵
- Changes its process name
- Reads runtime system information