Analysis
-
max time kernel
17143s -
max time network
161s -
platform
linux_armhf -
resource
debian9-armhf-en-20211208 -
submitted
25-06-2022 02:49
General
-
Target
48dcbdf9f92f959c6f9a1af52594cd90ab644d28f812e25729d11793581bc5e7
-
Size
160KB
-
MD5
5b7755e24a2f39d098f5699d32ed6b64
-
SHA1
4fdaf0da1ff2913a13482dbd30c73a4cdd06a8d1
-
SHA256
48dcbdf9f92f959c6f9a1af52594cd90ab644d28f812e25729d11793581bc5e7
-
SHA512
43b8a97e394ab998d577e058198b6f7fa6ac9312770ef9cfb2b2e15010de1cca6f05b8993c3a879e301b66e2f86b535fe4ddc548e43c39629cdc6412b3df8c32
Score
7/10
Malware Config
Signatures
-
Modifies rc script 1 TTPs 1 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes
-
./48dcbdf9f92f959c6f9a1af52594cd90ab644d28f812e25729d11793581bc5e7./48dcbdf9f92f959c6f9a1af52594cd90ab644d28f812e25729d11793581bc5e71⤵
- Modifies rc script