Analysis

max time kernel: 98s
max time network: 119s
platform: debian-9_mips
resource: debian9-mipsbe-20240611-en
resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 31/12/2024, 13:36

Behavioral task: behavioral1
Sample: mips
Resource: debian9-mipsbe-20240611-en

General

Target: mips
Size: 98KB
MD5: 19d9a11f6ebc16298e76f4ec3548a077
SHA1: e0c164a4f9da1536828acec7fd9db3cf75950cd5
SHA256: 855b97db6e15db33233f81abbdd2913f52efcb25d943efb5e5f4cbbfd102f1e4
SHA512: b0123f4a3c673922770da0b219a743564923310a6aee21741664f95a21586a3c57fcbae4247814b0f60a97187b006c9d52a56c3f1335fe46edf388734e86b60e
SSDEEP: 1536:jdEZWNdknoXkzFhwGGkCq9hUg8JABArDr3T/cx/exrHSYg:6ZWNenoX2nEq9qrrDr3TUxyHSD
Malware Config
Signatures

File deleted: /var/log/audit/audit.log (process: mips)

Deletes itself (1 IoCs)
pid 718, process: mips

Deletes system logs (1 TTPs, 1 IoCs)
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
File deleted: /var/log/syslog (process: mips)

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
File opened for modification: /dev/watchdog (process: mips)
File opened for modification: /dev/misc/watchdog (process: mips)

File deleted: /var/log/daemon.log (process: mips)

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name (1 IoCs)
Changes the process name, possibly in an attempt to hide itself: 61s1tr2j8pbf (pid 718, process: mips)
System Network Configuration Discovery (1 TTPs, 1 IoCs)
Adversaries may gather information about the network configuration of a system.
pid 718, process: mips