c27fcbc9c81b90d4eda69cf14370aa082d6bec5deeb067efa13413aa186d2d21

Analysis

max time kernel
150s
max time network
153s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
02-02-2025 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.mips.elf
Size

169KB
MD5

95208a928216f13ae3abf1165959e861
SHA1

2cae75878dd5af1657b7b6c4580daa2bf0e19720
SHA256

c27fcbc9c81b90d4eda69cf14370aa082d6bec5deeb067efa13413aa186d2d21
SHA512

649532a3f46265b4ef957b9cf605b97e95cb42e64ec75b6a33bd4928a35139313846948a89d263e5112caed8d62d2100a3f7ac8a40b359226061616ca3f40998
SSDEEP

1536:yl2JvnXPvLUQ+chMJdDNsCK9HFP18tOQGgezLiM+C27TfF+h/iuf/P/zId/o:ygv/6cwZsCK9ltSOQ+LidFS/v/PbIVo

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	692	bot.mips.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/8/cmdline	bot.mips.elf
File opened for reading	/proc/70/cmdline	bot.mips.elf
File opened for reading	/proc/702/cmdline	bot.mips.elf
File opened for reading	/proc/734/cmdline	bot.mips.elf
File opened for reading	/proc/3/cmdline	bot.mips.elf
File opened for reading	/proc/325/cmdline	bot.mips.elf
File opened for reading	/proc/708/cmdline	bot.mips.elf
File opened for reading	/proc/793/cmdline	bot.mips.elf
File opened for reading	/proc/6/cmdline	bot.mips.elf
File opened for reading	/proc/83/cmdline	bot.mips.elf
File opened for reading	/proc/164/cmdline	bot.mips.elf
File opened for reading	/proc/663/cmdline	bot.mips.elf
File opened for reading	/proc/714/cmdline	bot.mips.elf
File opened for reading	/proc/726/cmdline	bot.mips.elf
File opened for reading	/proc/788/cmdline	bot.mips.elf
File opened for reading	/proc/69/cmdline	bot.mips.elf
File opened for reading	/proc/689/cmdline	bot.mips.elf
File opened for reading	/proc/694/cmdline	bot.mips.elf
File opened for reading	/proc/705/cmdline	bot.mips.elf
File opened for reading	/proc/768/cmdline	bot.mips.elf
File opened for reading	/proc/769/cmdline	bot.mips.elf
File opened for reading	/proc/777/cmdline	bot.mips.elf
File opened for reading	/proc/755/cmdline	bot.mips.elf
File opened for reading	/proc/22/cmdline	bot.mips.elf
File opened for reading	/proc/138/cmdline	bot.mips.elf
File opened for reading	/proc/383/cmdline	bot.mips.elf
File opened for reading	/proc/737/cmdline	bot.mips.elf
File opened for reading	/proc/797/cmdline	bot.mips.elf
File opened for reading	/proc/81/cmdline	bot.mips.elf
File opened for reading	/proc/665/cmdline	bot.mips.elf
File opened for reading	/proc/725/cmdline	bot.mips.elf
File opened for reading	/proc/780/cmdline	bot.mips.elf
File opened for reading	/proc/1/cmdline	bot.mips.elf
File opened for reading	/proc/20/cmdline	bot.mips.elf
File opened for reading	/proc/71/cmdline	bot.mips.elf
File opened for reading	/proc/77/cmdline	bot.mips.elf
File opened for reading	/proc/747/cmdline	bot.mips.elf
File opened for reading	/proc/787/cmdline	bot.mips.elf
File opened for reading	/proc/798/cmdline	bot.mips.elf
File opened for reading	/proc/12/cmdline	bot.mips.elf
File opened for reading	/proc/15/cmdline	bot.mips.elf
File opened for reading	/proc/16/cmdline	bot.mips.elf
File opened for reading	/proc/21/cmdline	bot.mips.elf
File opened for reading	/proc/659/cmdline	bot.mips.elf
File opened for reading	/proc/715/cmdline	bot.mips.elf
File opened for reading	/proc/766/cmdline	bot.mips.elf
File opened for reading	/proc/799/cmdline	bot.mips.elf
File opened for reading	/proc/372/cmdline	bot.mips.elf
File opened for reading	/proc/374/cmdline	bot.mips.elf
File opened for reading	/proc/752/cmdline	bot.mips.elf
File opened for reading	/proc/789/cmdline	bot.mips.elf
File opened for reading	/proc/10/cmdline	bot.mips.elf
File opened for reading	/proc/746/cmdline	bot.mips.elf
File opened for reading	/proc/772/cmdline	bot.mips.elf
File opened for reading	/proc/73/cmdline	bot.mips.elf
File opened for reading	/proc/707/cmdline	bot.mips.elf
File opened for reading	/proc/733/cmdline	bot.mips.elf
File opened for reading	/proc/735/cmdline	bot.mips.elf
File opened for reading	/proc/758/cmdline	bot.mips.elf
File opened for reading	/proc/767/cmdline	bot.mips.elf
File opened for reading	/proc/761/cmdline	bot.mips.elf
File opened for reading	/proc/105/cmdline	bot.mips.elf
File opened for reading	/proc/321/cmdline	bot.mips.elf
File opened for reading	/proc/710/cmdline	bot.mips.elf

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
692	bot.mips.elf

/tmp/bot.mips.elf
/tmp/bot.mips.elf
1⤵
- Changes its process name
- Reads runtime system information
- System Network Configuration Discovery
PID:692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads