Analysis

max time kernel: 4s
max time network: 10s
platform: debian-12_mipsel
resource: debian12-mipsel-20250410-en
resource tags: arch:mipsel, image:debian12-mipsel-20250410-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
submitted: 18/04/2025, 01:07
General

Target: d3030e1575b48293f9364353127bd44892ec65120c11d1710eead510373aab55.elf
Size: 2.2MB
MD5: 06a141032d508ea7639d82c044851727
SHA1: e49bf29f0c21f0e5a5d0ccee733ed1626df57d6b
SHA256: d3030e1575b48293f9364353127bd44892ec65120c11d1710eead510373aab55
SHA512: 8173fc77c9ba84dc1a980c907dec6d2a37e20b3dec5438189fb1990e6c161de5a7ebc033091be2bcd7b80fb1bfe1478eb9f81f6811c9417fd95d3419c9cc2e05
SSDEEP: 24576:TTq+DZ51ZFBI2dNPSn3MKEuPVXlod+lCmISWz1v:fT18MyEd+lsSWz1

Malware Config
Signatures

Executes dropped EXE (1 IoCs)
  ioc: /etc/32676  pid: 822  process: sh

Command and Scripting Interpreter: Unix Shell (1 TTPs, 1 IoCs)
Execute scripts via Unix Shell.
  pid: 817  process: sh

Enumerates kernel/hardware configuration (1 TTPs, 2 IoCs)
Reads contents of /sys virtual filesystem to enumerate system information.
  File opened for reading: /sys/kernel/mm/transparent_hugepage/hpage_pmd_size  process: d3030e1575b48293f9364353127bd44892ec65120c11d1710eead510373aab55.elf
  File opened for reading: /sys/kernel/mm/transparent_hugepage/hpage_pmd_size  process: d3030e1575b48293f9364353127bd44892ec65120c11d1710eead510373aab55.elf

Reads runtime system information
  File opened for reading: /proc/filesystems  process: systemctl
  File opened for reading: /proc/filesystems  process: sed

Processes

/tmp/d3030e1575b48293f9364353127bd44892ec65120c11d1710eead510373aab55.elf  (command line: /tmp/d3030e1575b48293f9364353127bd44892ec65120c11d1710eead510373aab55.elf)
  - Enumerates kernel/hardware configuration
  PID: 801
  /tmp/d3030e1575b48293f9364353127bd44892ec65120c11d1710eead510373aab55.elf  (command line: /tmp/d3030e1575b48293f9364353127bd44892ec65120c11d1710eead510373aab55.elf " ")
    - Enumerates kernel/hardware configuration
    PID: 807
    /bin/sh  (command line: /bin/sh -c "/etc/32676&")
      - Executes dropped EXE
      - Command and Scripting Interpreter: Unix Shell
      PID: 817
    /usr/sbin/service  (command line: service crond start)
      PID: 823
      /usr/bin/basename  (command line: basename /usr/sbin/service)
        PID: 826
      /usr/bin/basename  (command line: basename /usr/sbin/service)
        PID: 829
      /usr/bin/sed  (command line: sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p")
        - Reads runtime system information
        PID: 832
      /usr/bin/systemctl  (command line: systemctl list-unit-files --full "--type=socket")
        - Reads runtime system information
        PID: 831

/etc/32676  (command line: /etc/32676)
  PID: 822
  /usr/bin/sleep  (command line: sleep 60)
    PID: 825

Network
MITRE ATT&CK Enterprise v16
Downloads

Filesize: 41B
MD5: 89c996eff0267172b93ad1683573f8ea
SHA1: 5adf85060b666e654db55684b0ecdaff74d527da
SHA256: f21ee0198323e1e99bb4e302f400a26d92a1a91102f2205b80b208422881d2aa
SHA512: 1a3db17810cc6e508f868a3d4c00162049f22c7e2546b0db9d0efe239821944ea1d62568171441df564f97604caf5092d5797b3910315a3f1c9ca00e0b8c48ed

Filesize: 90B
MD5: 39f840fade1762fdaa85ae0bc76ee446
SHA1: b292f241d76a753759e25c8a295c3bd13b050232
SHA256: 5bb6d419837871dcd40bee9a0d1e52f1a2b0a0167e70b29168182b608374d0f7
SHA512: 1f8a00a35d9ca49d49e4b7cd49e555789dca8a890bf27cb75459cfb050e5b273984cd9ffa15810442d2f303a384b4a50f4c0e600644468c62239ba4c54582cc8

Filesize: 56B
MD5: 585f408444cbca746945f0cb63f2c3f0
SHA1: 0e44bae17174f04514e770ca7fc4bec1007e39cd
SHA256: ebb961c647363dfa90f302de378e0e61807b9b792fc86616635a713cca8f4299
SHA512: 022241dbafad55164701f67ef5b84154e3af97c5dfe77dee7bf8406f2befbd2962bbf4f243432b2f41d6c2376b87fcf551fd6945e03ddb02a5619c2f0f69c596