Analysis

  • max time kernel
    61s
  • max time network
    60s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240418-en
  • resource tags
    arch:mips
    image:debian9-mipsbe-20240418-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    01/01/2025, 13:52

General

  • Target

    mips

  • Size

    103KB

  • MD5

    4a9e58e6ab428799caebadff9d0417a1

  • SHA1

    9a61f024abf4b15cb7ce9bb30e6cd5e9b602f915

  • SHA256

    9cfe627fa81f798ae426f7b262d16602c5f6e9273e464ed38cc0e65daa7647b5

  • SHA512

    351d81fefe90928500e0b7331ff2524cdb7a05bee134c67f3f55d7b65141c4ead233a586026eb591da9d377f50fcbd8eded6772786320c0abb20e621a6dddf3c

  • SSDEEP

    1536:zO9Bm/RtCZiqr33Dc48uuwD7CFKygt6c9e8WDC1ieMbFXIg:yBm/zCZiyn448uuvRgt6c9e8YC1GFXP

Malware Config

Signatures

  • Deletes Audit logs 1 TTPs 1 IoCs

    Deletes logs related to the Linux Audit framework.

  • Deletes itself 1 IoCs
  • Deletes system logs 1 TTPs 2 IoCs

    Deletes the log file that contains global system messages. Adversaries may delete system logs to minimize their footprint.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware such as Mirai modifies the Watchdog to prevent it from restarting an infected system.

  • Deletes log files 1 TTPs 2 IoCs

    Deletes log files on the system.

  • Enumerates running processes

    Discovers information about processes currently running on the system.

  • Modifies systemd 2 TTPs 1 IoCs

    Adds or modifies systemd service files, likely to achieve persistence.

  • Changes its process name 1 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 2 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 1 IoCs

    Adversaries may gather information about the network configuration of a system.

Processes

  • /tmp/mips
    /tmp/mips
    1⤵
    • Deletes Audit logs
    • Deletes itself
    • Deletes system logs
    • Modifies Watchdog functionality
    • Deletes log files
    • Modifies systemd
    • Changes its process name
    • Reads runtime system information
    • System Network Configuration Discovery
    PID:726
    • /bin/sh
      sh -c "systemctl daemon-reload"
      2⤵
      PID:731
      • /bin/systemctl
        systemctl daemon-reload
        3⤵
        • Enumerates kernel/hardware configuration
        • Reads runtime system information
        PID:736
    • /bin/sh
      sh -c "systemctl enable startup_command.service"
      2⤵
      PID:748
      • /bin/systemctl
        systemctl enable startup_command.service
        3⤵
        • Enumerates kernel/hardware configuration
        PID:750

Network

MITRE ATT&CK Enterprise v15


Downloads

  • /etc/systemd/system/startup_command.service

    Filesize

    361B

    MD5

    4d2c868f454b6c55731485cf0f886dc0

    SHA1

    032b125de0a28dcee8d8d25fbeeb56db7f403f04

    SHA256

    8c4ae1b82477698f3a8c273b439cb9079794afb8fc33cd4def854936ba37ea2c

    SHA512

    060b2413a0cb2dec0db059c190467b5cb0d76209effea4ae3de2701fa71429b811a6f7e11e813b26806cf72578d1f32b608a02a4ce670ec58b5b65433e3cf11d