Analysis
max time kernel: 116s
max time network: 28s
platform: debian-9_mips
resource: debian9-mipsbe-20240611-en
resource tags: arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
submitted: 08-01-2025 22:57

Behavioral task: behavioral1
Sample: mippytippy.elf
Resource: debian9-mipsbe-20240611-en

General
Target: mippytippy.elf
Size: 284KB
MD5: 2100ce69b057d85fc3eae4d9e1f1fd1b
SHA1: 0678a71a36a0b1e9673713db060151179256d87f
SHA256: a7776983dda6f3a62bcdb4ea88d1ec8864a270ff879e61b0b21275715a5d2a38
SHA512: 843d69b3461d3c6d2b4426e230e9863a7351ef83a182f82a0c30e16337b8ed7c92e04ca56cbf90a0fa270433ee7cdec2b0a924d569e9ebcad5eb4f4a92274c21
SSDEEP: 3072:7BAsIgkocwgzd0GOoUr3Ixla8MBTObtF43WwNIZR6gwpUEMTQllq+l9ydILwcC6X:7YUe1wdmQi3mIPTBJGXbXi+Nx

Malware Config
Signatures

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
File opened for modification: /dev/watchdog (process: mippytippy.elf)
File opened for modification: /dev/misc/watchdog (process: mippytippy.elf)

Enumerates running processes
Discovers information about currently running processes on the system

Reads system routing table (1 TTPs, 1 IoCs)
Gets active network interfaces from /proc virtual filesystem.
File opened for reading: /proc/net/route (process: mippytippy.elf)

Changes its process name (1 IoCs)
Changes the process name, possibly in an attempt to hide itself: sshd (pid 711, process: mippytippy.elf)

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
File opened for reading: /proc/net/route (process: mippytippy.elf)

System Network Configuration Discovery (1 TTPs, 1 IoCs)
Adversaries may gather information about the network configuration of a system.
pid 711 (process: mippytippy.elf)