Analysis
max time kernel: 14180s
max time network: 157s
platform: linux_armhf
resource: debian9-armhf-en-20211208
submitted: 21-05-2022 19:08
Behavioral task
behavioral1
Sample: 2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
Resource: debian9-armhf-en-20211208
linux_armhf
0 signatures
0 seconds
General
Target: 2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
Size: 165KB
MD5: 5af7e0632a67e2dec47970ef7610a205
SHA1: bd96dc96b081245a8dfd831d2fe147c9939beec4
SHA256: 2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
SHA512: cb5ec510122c8834bbc8b0e27d2a7357d0cad3a5999f67003ce90c52e80dd6d818c707cf8dbd8a60e9b41610a8dd11926587532ba4ef9035153d941e49899900
Score: 7/10
Malware Config
Signatures

Modifies rc script (1 TTPs, 1 IoCs)
Adding/modifying system rc scripts is a common persistence mechanism.
Processes:
2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
  description: /etc/rc.d/rc.local
  ioc: /etc/rc.d/rc.local
  process: 2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa

Reads system routing table (1 TTPs, 1 IoCs)
Gets active network interfaces from /proc virtual filesystem.
Processes:
2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
  description: /proc/net/route
  ioc: /proc/net/route
  process: 2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
Processes:
2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
  description: /proc/net/route
  ioc: /proc/net/route
  process: 2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa