1f8b24c785052d834d9237727b55d1d2446437dd4e17339995ffefb862e38668

Analysis

max time kernel
22s
max time network
27s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
28/03/2025, 05:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bimbo-mpsl
Size

62KB
MD5

b458fa874710a8897b8e9f3acbf82289
SHA1

093088b3c0d688d5f860fa901bc50117504163c9
SHA256

1f8b24c785052d834d9237727b55d1d2446437dd4e17339995ffefb862e38668
SHA512

8e666fa5e0d210041e69cf654c80e1e2a189470a25868774ac9c496206ac99d15ff68ffcdba131915ccddc19f8ae1852a04c87b49c8e2edd97c69218f726e058
SSDEEP

1536:9F7SDAb/TtZrJAYll9z4VUfSRZN54eGA4k:9F7SwXrGYlDSR

Score

9^/10

credential_access discovery

Malware Config

Signatures

Contacts a large (58839) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Reads process memory 1 TTPs 17 IoCs

Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

credential_access

Proc Filesystem

T1003.007

description	ioc	Process
File opened for reading	/proc/667/maps	bimbo-mpsl
File opened for reading	/proc/710/maps	bimbo-mpsl
File opened for reading	/proc/713/maps	bimbo-mpsl
File opened for reading	/proc/716/maps	bimbo-mpsl
File opened for reading	/proc/743/maps	bimbo-mpsl
File opened for reading	/proc/742/maps	bimbo-mpsl
File opened for reading	/proc/402/maps	bimbo-mpsl
File opened for reading	/proc/679/maps	bimbo-mpsl
File opened for reading	/proc/680/maps	bimbo-mpsl
File opened for reading	/proc/695/maps	bimbo-mpsl
File opened for reading	/proc/720/maps	bimbo-mpsl
File opened for reading	/proc/744/maps	bimbo-mpsl
File opened for reading	/proc/732/maps	bimbo-mpsl
File opened for reading	/proc/428/maps	bimbo-mpsl
File opened for reading	/proc/697/maps	bimbo-mpsl
File opened for reading	/proc/731/maps	bimbo-mpsl
File opened for reading	/proc/745/maps	bimbo-mpsl

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	��ﻹ��	740	bimbo-mpsl

/tmp/bimbo-mpsl
/tmp/bimbo-mpsl
1⤵
- Reads process memory
- Changes its process name
PID:740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

OS Credential Dumping

T1003

Proc Filesystem

T1003.007

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads