Analysis
max time kernel: 123s
max time network: 148s
platform: debian-9_mips
resource: debian9-mipsbe-20240611-en
resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 19-01-2025 14:17

Behavioral task: behavioral1
Sample: hold.mips.elf
Resource: debian9-mipsbe-20240611-en (debian-9-mips)
7 signatures, 150 seconds
General
Target: hold.mips.elf
Size: 95KB
MD5: 333319724b817510494e5dc8c7c7b24f
SHA1: cdc2c915b0e400fa07f91fa9c3d5cc186096f3f1
SHA256: 55df6be58def4b7fad82ee34c8e67c05aededbf2b322659b033dc2997a60e843
SHA512: 64e843e7fae9d62fbb0814b8504e1f67fe19fc0d26c9214bfc044b48e7513ad38fd041248ffb1082d5a11298c35fb1b13753cb774fda83b4f59b64c04e4898d1
SSDEEP: 1536:Cp/AZby0g4l2eH6PgwxYLLlPRIfGweWmTOsR:Cp/SbyVo2e8gwxYLLlafGvTXR
Score: 7/10
Malware Config
Signatures

Deletes itself (1 IoC)
pid 719, process hold.mips.elf

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
File opened for modification: /dev/watchdog (hold.mips.elf)
File opened for modification: /dev/misc/watchdog (hold.mips.elf)

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder (2 IoCs)
File opened for modification: /sbin/watchdog (hold.mips.elf)
File opened for modification: /bin/watchdog (hold.mips.elf)

Changes its process name (1 IoC)
Changes the process name, possibly in an attempt to hide itself: ub71wp0t8c3hmkd2 (pid 719, hold.mips.elf)
System Network Configuration Discovery (1 TTP, 1 IoC)
Adversaries may gather information about the network configuration of a system.
pid 719, process hold.mips.elf