Analysis

  • max time kernel
    4s
  • max time network
    9s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240729-en
  • resource tags
    arch:mipsel
    image:debian12-mipsel-20240729-en
    kernel:6.1.0-17-4kc-malta
    locale:en-us
    os:debian-12-mipsel
    system
  • submitted
    17/04/2025, 05:15

General

  • Target

    linux_mipsel

  • Size

    2.2MB

  • MD5

    646b8ba5891772e6c80ebf7b0f794b6d

  • SHA1

    cf53e4ed2cdd37bf30112d24db0ded25099b53a2

  • SHA256

    e54588f9a60777a7feb8f16a55b8f64d4cf136fdfc59eff4653e0012575d0e5a

  • SHA512

    4db6a9bb5e2fb12f5456c4a053b92db7d9de637a4b523f66253a0d310c95c160f101b3c8582a2f65b02a2a1a54e603141c3e0d22aa4ffc7065c0319e52de6d0f

  • SSDEEP

    24576:lgHlA85YZiPrduv+YMNEkVXBYd+lCmWz1v:TI3Ild+l/Wz1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Command and Scripting Interpreter: Unix Shell 1 TTPs 1 IoCs

    Execute scripts via Unix Shell.

  • Enumerates kernel/hardware configuration 1 TTPs 2 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 2 IoCs

    Adversaries may gather information about the network configuration of a system.

Processes

  • /tmp/linux_mipsel
    /tmp/linux_mipsel
    1⤵
    • Enumerates kernel/hardware configuration
    • System Network Configuration Discovery
    PID:742
    • /tmp/linux_mipsel
      /tmp/linux_mipsel " "
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      • System Network Configuration Discovery
      PID:749
      • /bin/sh
        /bin/sh -c "/etc/32676&"
        3⤵
        • Executes dropped EXE
        • Command and Scripting Interpreter: Unix Shell
        PID:761
      • /usr/sbin/service
        service crond start
        3⤵
        PID:765
        • /usr/bin/basename
          basename /usr/sbin/service
          4⤵
          PID:768
        • /usr/bin/basename
          basename /usr/sbin/service
          4⤵
          PID:770
        • /usr/bin/sed
          sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
          4⤵
          • Reads runtime system information
          PID:775
        • /usr/bin/systemctl
          systemctl list-unit-files --full "--type=socket"
          4⤵
          • Reads runtime system information
          PID:774
  • /etc/32676
    /etc/32676
    1⤵
    PID:764
    • /usr/bin/sleep
      sleep 60
      2⤵
      PID:767

Network

MITRE ATT&CK Enterprise v16

Downloads

  • /etc/.walk
    Filesize 41B
    MD5 6576f78b302edb55aeeb7048bba11683
    SHA1 825391ed405be33e0c0f70f46b2530311cdf2a0c
    SHA256 f8c5640a5a088cfd500d65d798a4e6f05f5016217b9b9c75d98afd4d4115917e
    SHA512 f8b2c78b2363647df9296455f13848f84e7a0bb9126c5744cbdc4ba924d9a3daff1e4cfa90f7ad24d7222a2df1e544b3e69b80cab7f568ae9143a0e04d288280

  • /etc/.walk
    Filesize 90B
    MD5 239f58d5aff3f4bbb0e1ca2938a3c2f2
    SHA1 df636d31443e18c0caa97b25c60620b00e22b66f
    SHA256 42a0c58ec1db0ef3c337d0424c39fdf4981e7dec8424993450c45ce95150a1c1
    SHA512 097edc69600efa7d4de907ea8e2ca4fef2d4c12c82998967d811478aa493ccd83eb4f8fc2607be57efcd0860da915a4aeada56ac2f2a449a4b5bf16df7a63926

  • /etc/32676
    Filesize 61B
    MD5 47684525bfdf26f49fd1cf742b17c015
    SHA1 c4ab14ba22420ff9acadfc698a38d0cd99e9fbfa
    SHA256 b7ce294613dd2c237a4a50548bfcd5c14d166107f2d2e965499bc78695300d5b
    SHA512 948f9c519ae9afe1c821c5d58da2e584e50356dabef597ccd408853a9038560b9fb1c5894900e2725b48977ffd49d18a439436bb4946e2164ac9fcf2a8637621