Analysis
- max time kernel: 3637s
- max time network: 157s
- platform: linux_armhf
- resource: debian9-armhf-en-20211025
- submitted: 06-12-2021 16:11
Static task: static1
Behavioral task: behavioral1
Sample: la.bot.arm7
Resource: debian9-armhf-en-20211025
linux_armhf
0 signatures
0 seconds
General
- Target: la.bot.arm7
- Size: 54KB
- MD5: 594597e0ede6dba5d3101f643f72358a
- SHA1: 04524d215b0022cd8cb2276246d34776c6bb6b9d
- SHA256: 8e1227b67a61c11f0aaa15551847d5d298df4b2c6900702f56b1693e4babd79c
- SHA512: a663f6a09de9b3ecaa545c55c9c773149568969d2f1073963973ed1f9aafcb3166c38b205ef8a666ddae3571daf9580c935116a9661829a6e42b78dd1f291db8
Score: 5/10
Malware Config
Signatures
- Reads runtime system information (64 IoCs)
Reads data from /proc virtual filesystem.
- Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory.
Processes: la.bot.arm7
IoC: /tmp/la.bot.arm7 (process: la.bot.arm7)