Analysis
max time kernel: 4s
max time network: 9s
platform: debian-12_mipsel
resource: debian12-mipsel-20240729-en
resource tags: arch:mipsel image:debian12-mipsel-20240729-en kernel:6.1.0-17-4kc-malta locale:en-us os:debian-12-mipsel system
submitted: 17/04/2025, 05:15
General
Target: linux_mipsel
Size: 2.2MB
MD5: 646b8ba5891772e6c80ebf7b0f794b6d
SHA1: cf53e4ed2cdd37bf30112d24db0ded25099b53a2
SHA256: e54588f9a60777a7feb8f16a55b8f64d4cf136fdfc59eff4653e0012575d0e5a
SHA512: 4db6a9bb5e2fb12f5456c4a053b92db7d9de637a4b523f66253a0d310c95c160f101b3c8582a2f65b02a2a1a54e603141c3e0d22aa4ffc7065c0319e52de6d0f
SSDEEP: 24576:lgHlA85YZiPrduv+YMNEkVXBYd+lCmWz1v:TI3Ild+l/Wz1
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
ioc          pid   Process
/etc/32676   764   sh

Enumerates running processes
Discovers information about currently running processes on the system

Command and Scripting Interpreter: Unix Shell (1 TTPs, 1 IoCs)
Execute scripts via Unix Shell.
pid   Process
761   sh

Enumerates kernel/hardware configuration (1 TTPs, 2 IoCs)
Reads contents of /sys virtual filesystem to enumerate system information.
description               ioc                                                     Process
File opened for reading   /sys/kernel/mm/transparent_hugepage/hpage_pmd_size     linux_mipsel
File opened for reading   /sys/kernel/mm/transparent_hugepage/hpage_pmd_size     linux_mipsel
System Network Configuration Discovery (1 TTPs, 2 IoCs)
Adversaries may gather information about the network configuration of a system.
pid   Process
742   linux_mipsel
749   linux_mipsel
Processes
PID:742  /tmp/linux_mipsel
  command line: /tmp/linux_mipsel
  - Enumerates kernel/hardware configuration
  - System Network Configuration Discovery
  PID:749  /tmp/linux_mipsel
    command line: /tmp/linux_mipsel " "
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    - System Network Configuration Discovery
    PID:761  /bin/sh
      command line: /bin/sh -c "/etc/32676&"
      - Executes dropped EXE
      - Command and Scripting Interpreter: Unix Shell
    PID:765  /usr/sbin/service
      command line: service crond start
      PID:768  /usr/bin/basename
        command line: basename /usr/sbin/service
      PID:770  /usr/bin/basename
        command line: basename /usr/sbin/service
      PID:775  /usr/bin/sed
        command line: sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
        - Reads runtime system information
      PID:774  /usr/bin/systemctl
        command line: systemctl list-unit-files --full "--type=socket"
        - Reads runtime system information
PID:764  /etc/32676
  command line: /etc/32676
  PID:767  /usr/bin/sleep
    command line: sleep 60
Network
MITRE ATT&CK Enterprise v16
Downloads