Analysis
max time kernel: 150s
max time network: 146s
platform: debian-9_mips
resource: debian9-mipsbe-20240611-en
resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 01/01/2025, 14:05
Behavioral task: behavioral1
Sample: mips5
Resource: debian9-mipsbe-20240611-en
General
Target: mips5
Size: 96KB
MD5: 2899d054de4f34ff07c59d0f0e50f75d
SHA1: 82f490c45c0cfe0cd811b734bf681c69adfb3787
SHA256: db021cfa72c766fe2460181971f038cb676a87d445bdf84fb99c1da4d9878f0f
SHA512: 535d1434b5fd02c22be87f20ffa503861068c5938dea414a43778b30ce017c31dee97f1e5c36307b3f4df79a7bb5c18fb6c4e12531a983c317f24283867c83e0
SSDEEP: 1536:ckOBZa5+bCigwgOUL+iJhUlsCpJF6b7ksjar/7eINoxO0S:cBZaAbCicxrhURGb7ksj8/QO0S
Malware Config
Signatures
File deleted: /var/log/audit/audit.log (process: mips5)
Deletes itself 1 IoCs
pid: 699, process: mips5
Deletes system logs 1 TTPs 1 IoCs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
File deleted: /var/log/syslog (process: mips5)
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
File opened for modification: /dev/watchdog (process: mips5)
File opened for modification: /dev/misc/watchdog (process: mips5)
File deleted: /var/log/daemon.log (process: mips5)
Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name 1 IoCs
Changes the process name, possibly in an attempt to hide itself: l10nu7k2jgc7tuhf7abvagv4w5ouh0um (pid: 699, process: mips5)
System Network Configuration Discovery 1 TTPs 1 IoCs
Adversaries may gather information about the network configuration of a system.
pid: 699, process: mips5