Resubmissions

02-01-2025 21:33

250102-1ejbvswpcv 10

08-12-2024 01:12

241208-bkq68azkep 10

Analysis

  • max time kernel
    150s
  • max time network
    162s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240221-en
  • resource tags

    arch:mipsel, image:debian12-mipsel-20240221-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
  • submitted
    02-01-2025 21:33

General

  • Target

    mips

  • Size

    1.1MB

  • MD5

    a883bae381125e862c109af67b3cfda4

  • SHA1

    852f169460932eb49c13fb6050fcdbafcd354af9

  • SHA256

    5d9f4ec734cf44f342a45f7de4ba0e208ec141ce47e32b3bc7d0666eff538fe5

  • SHA512

    40a9804c5f900c3370ac856172c496347faec0187489c9e5d496923dc27f7b2138bfa2c43550acab44fb331ced5e2993fe84ff737f87275fbb74a4eb7b502738

  • SSDEEP

    12288:v0gZjw/mGyri7g8Nyllxm+KYCy1aPrfWf47b/d+qdeaQklaHhmM7tL+GSPlXJZra:VETLPAFHcMJ6l5ZZVtGAi3YKhAxtK

Score
4/10

Malware Config

Signatures

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 7 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 9 IoCs

    Adversaries may gather information about the network configuration of a system.

Processes

  • /tmp/mips
    /tmp/mips
    • Reads CPU attributes
    • Reads system network configuration
    • Reads runtime system information
    • System Network Configuration Discovery
    PID:773
    • /bin/sh
      sh -c "sed -i -e '/exit/d' /etc/rc.local"
      PID:775
      • /usr/bin/sed
        sed -i -e /exit/d /etc/rc.local
        • Reads runtime system information
        PID:776
    • /bin/sh
      sh -c "sed -i -e '/^ | | \$/d' /etc/rc.local"
      PID:778
      • /usr/bin/sed
        sed -i -e "/^ | | \$/d" /etc/rc.local
        • Reads runtime system information
        PID:780
    • /bin/sh
      sh -c "sed -i -e '/mips reboot/d' /etc/rc.local"
      • System Network Configuration Discovery
      PID:784
      • /usr/bin/sed
        sed -i -e "/mips reboot/d" /etc/rc.local
        • Reads runtime system information
        • System Network Configuration Discovery
        PID:785
    • /bin/sh
      sh -c "sed -i -e '2 i/tmp/mips reboot' /etc/rc.local"
      • System Network Configuration Discovery
      PID:786
      • /usr/bin/sed
        sed -i -e "2 i/tmp/mips reboot" /etc/rc.local
        • Reads runtime system information
        • System Network Configuration Discovery
        PID:787
    • /bin/sh
      sh -c "sed -i -e '2 i/tmp/mips reboot start' /etc/rc.d/rc.local"
      • System Network Configuration Discovery
      PID:788
      • /usr/bin/sed
        sed -i -e "2 i/tmp/mips reboot start" /etc/rc.d/rc.local
        • Reads runtime system information
        • System Network Configuration Discovery
        PID:789
    • /bin/sh
      sh -c "sed -i -e '2 i/tmp/mips reboot start' /etc/init.d/boot.local"
      • System Network Configuration Discovery
      PID:790
      • /usr/bin/sed
        sed -i -e "2 i/tmp/mips reboot start" /etc/init.d/boot.local
        • Reads runtime system information
        • System Network Configuration Discovery
        PID:791

      Network

      MITRE ATT&CK Enterprise v15
