Analysis
max time kernel
149s
max time network
146s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
submitted
30/12/2024, 01:18
Behavioral task
behavioral1
Sample
mips.elf
Resource
debian9-mipsbe-20240611-en
5 signatures
150 seconds
General
Target
mips.elf
Size
78KB
MD5
0f622dadae496e8a949ceb4467a85c83
SHA1
0f35da4afb4edc6b778b001ec7e56838f5405f1b
SHA256
8b4e54f07ee4fc6903223c20479f446f2110fea7b8bd27659eb5cbef8e89c2ab
SHA512
854cde2f8f06a942cafadeeb4729cf4c73a6c03f2cccceb3c313ebd5820e5a9bf24b84c3bc916293642596635b20c788a9c684759771557d1cac2c3c65cf96a8
SSDEEP
768:rjdMhK5uLH9mhK5uLHBnPhK5uLHNlWLq8fWjylsbWjyl5gEHPiCRI8Vz40MtfdhU:v9Cc4CFJ1WsqzG1fKGiBeFymQZnHy
Score
7/10
Malware Config
Signatures
Deletes itself 1 IoCs
pid Process
703 mips.elf
Enumerates running processes
Discovers information about currently running processes on the system (mips.elf opens /proc/<pid>/cmdline entries for reading).
Changes its process name 4 IoCs
Changes the process name, possibly in an attempt to hide itself.
ioc pid Process
bash 704 mips.elf
nginx 705 mips.elf
inetd 706 mips.elf
sshd 707 mips.elf
System Network Configuration Discovery 1 TTPs 1 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process
703 mips.elf