Analysis
-
max time kernel
150s -
max time network
134s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
24-12-2024 02:31
Behavioral task
behavioral1
Sample
bot.mips.elf
Resource
debian9-mipsbe-20240611-en
debian-9-mips
4 signatures
150 seconds
General
-
Target
bot.mips.elf
-
Size
177KB
-
MD5
6468b542983d5fed258bfb49da05de3a
-
SHA1
3c9c36738dbad1c96e2a32fe5856f9c594910bf8
-
SHA256
aa4bc33692c6406dc3bf33a51067018a7e3a41caf3ae196e77c5ee9feec13f5b
-
SHA512
26c2c0b152f3bc7ddd10081a3e2b15d15c44a7bb5bcabcd4d1dac0419797f6e37b9d1ecbdea860d1b5ad4370233df5a9afebde185eb50807520829b1514be6f8
-
SSDEEP
3072:f6uSXvJnzjP0jSHzpyi579Yxy52tIen9A6qewZQDhaMh:f6uSXvJnvP0+HzYigAEnfqnZ4haa
Score
6/10
Malware Config
Signatures
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
description
Changes the process name, possibly in an attempt to hide itself
ioc
a- M"!
pid
710
Process
bot.mips.elf
-
System Network Configuration Discovery 1 TTPs 1 IoCs
Adversaries may gather information about the network configuration of a system.
pid
710
Process
bot.mips.elf