551e03e17d1df9bd5b712bec7763578c01e7bffe9b93db246e36ec0a174f7467

Analysis

max time kernel
0s
max time network
158s
platform
linux_armhf
resource
debian9-armhf-en-20211208
submitted
25-04-2022 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

crp_linux_arm
Size

4.5MB
MD5

7dfed656ca6a4a14a4e40e2865ba7697
SHA1

955db50f05fbf2b96c0e0f0ca860f1d7b67bf2b0
SHA256

551e03e17d1df9bd5b712bec7763578c01e7bffe9b93db246e36ec0a174f7467
SHA512

4860ce88b1105e9ec9171ed84526f9a60a844c8a5ef93d6435e9d08b638829ae868b8a56e9b62069726e8311fa63c72ec81998841e8ea23b5a08c9e8290df8c6

Score

7^/10

Malware Config

Signatures

Write file to user bin folder 1 TTPs 1 IoCs

Hijack Execution Flow

T1574

description	ioc	Process
/usr/local/sbin/7z	/usr/local/sbin/7z	crp_linux_arm

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	crp_linux_arm

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/crp_linux_arm.pid	/tmp/crp_linux_arm.pid	crp_linux_arm

./crp_linux_arm
./crp_linux_arm
1⤵
- Write file to user bin folder
- Enumerates kernel/hardware configuration
- Writes file to tmp directory
PID:347

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads