Analysis

  • max time kernel
    151s
  • max time network
    144s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240418-en
  • resource tags
    arch:mipsel image:debian12-mipsel-20240418-en kernel:6.1.0-17-4kc-malta locale:en-us os:debian-12-mipsel system
  • submitted
    07-01-2025 02:07

General

  • Target

    22633b8d957952975d5680571716b1c2e5b392516a7218a51f3221af2c71d33a.elf

  • Size

    106KB

  • MD5

    aa498d8b14dff7783d7f01d4d4c9f8e4

  • SHA1

    94f84785a89ce84f4977178eaf5524c05831832e

  • SHA256

    22633b8d957952975d5680571716b1c2e5b392516a7218a51f3221af2c71d33a

  • SHA512

    0f9b0c5e61c2488f377aaa36ee9e0a89592367770609172bd9f50c311db6faa2d11005b0317795a79bb47e2fa4d37f64147ba62fd8c1fca74c70738db5526f68

  • SSDEEP

    1536:ygXHwnODnP1QGpapwiYiQ/GO4DqUXZSJvD3ZCu3qS9mTcH:y6HwnODnP112nJSVD3zUc

Malware Config

Signatures

  • Deletes Audit logs 1 TTPs 1 IoCs

    Deletes logs related to the Linux Audit framework.

  • Deletes itself 1 IoCs
  • Deletes journal logs 1 TTPs 1 IoCs

    Deletes systemd journal logs. Likely to evade detection.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Deletes log files 1 TTPs 1 IoCs

    Deletes log files on the system.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Modifies systemd 2 TTPs 1 IoCs

    Adds/modifies systemd service files. Likely to achieve persistence.

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/22633b8d957952975d5680571716b1c2e5b392516a7218a51f3221af2c71d33a.elf
    /tmp/22633b8d957952975d5680571716b1c2e5b392516a7218a51f3221af2c71d33a.elf
    1⤵
    • Deletes Audit logs
    • Deletes itself
    • Deletes journal logs
    • Modifies Watchdog functionality
    • Deletes log files
    • Modifies systemd
    • Changes its process name
    • Reads runtime system information
    PID:742
    • /bin/sh
      sh -c "systemctl daemon-reload"
      2⤵
      PID:749
      • /usr/bin/systemctl
        systemctl daemon-reload
        3⤵
        PID:751
    • /bin/sh
      sh -c "systemctl enable startup_command.service"
      2⤵
      PID:860
      • /usr/bin/systemctl
        systemctl enable startup_command.service
        3⤵
        PID:871

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /etc/systemd/system/startup_command.service

    Filesize
    361B

    MD5
    af7d62b73266e0b457b114fe91f7e926

    SHA1
    11261aef4573b56b67b32020049c69c7282fc212

    SHA256
    14cb525e5a6b8aaf20c38672f8a9f974a684990888214848818326a739906642

    SHA512
    3926fbb53496c3aaa34cc782bd5c8379e0ab94b11fe4e63bbbfeac4e2b5057369c94bbe25ac56c3f04363076c91b978f9199fed97c5ed8377a6dc852b01ebfd9