Analysis

  • max time kernel
    17650s
  • max time network
    161s
  • platform
    linux_armhf
  • resource
    debian9-armhf-en-20211208
  • submitted
    30-06-2022 23:37

General

  • Target

    0ae15ae0dd8888628e5b1e9f3f3a3d5bf9bbde44c2283568dbbcf69ea908c6b0

  • Size

    121KB

  • MD5

    b36873274d88f9258c25c3eae43a6491

  • SHA1

    5543552a7a35c0e05bfd631bf205c950fb2d19d8

  • SHA256

    0ae15ae0dd8888628e5b1e9f3f3a3d5bf9bbde44c2283568dbbcf69ea908c6b0

  • SHA512

    fe51453b7df71d96a93d0ae3d50e3ed3e6590ca7505cc0e1ece630e0d818a5e77ce3683f7adfb2b7fe8c6fcd7be21de1cac53fda441a213cbe490a04ed900c6d

Score
10/10

Malware Config

Signatures

  • suricata: ET MALWARE IRC Nick change on non-standard port

  • Modifies rc script 1 TTPs 1 IoCs

    Adding/modifying system rc scripts is a common persistence mechanism.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • ./0ae15ae0dd8888628e5b1e9f3f3a3d5bf9bbde44c2283568dbbcf69ea908c6b0
    • Modifies rc script
    PID:351
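The process tree shows the persistence step happening from the sample's own process. On a host you are triaging, the counterpart of the sandbox's "Modifies rc script" signature is a check of the rc scripts themselves for a boot-time command that launches something from a writable directory. The block below is an added example of that check, not the sandbox's detection logic; the rc.local contents and the /tmp/.bot path are constructed, and the list of rc script paths is an assumption for a Debian-style system.

```python
"""Host-side check for the persistence technique flagged above: a command
added to an rc script so a dropped binary starts at boot.  Added example,
not the sandbox's detection logic; the script contents and the /tmp/.bot
path are constructed for illustration."""
import re
from pathlib import Path

# rc scripts worth inspecting on a Debian-style host (assumption: adjust for
# the distribution at hand).
RC_SCRIPTS = ("/etc/rc.local", "/etc/rc.d/rc.local", "/etc/init.d/rc.local")

# Directories from which a boot-time command is suspicious: world-writable
# or user-owned locations rather than /usr, /bin, /sbin.
SUSPECT_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")

# A shell line whose command is an absolute path, optionally wrapped in
# nohup; group 1 is the path that would be executed.
EXEC_LINE = re.compile(r"^(?:nohup\s+)?(/[^\s;&|]+)")


def suspicious_rc_lines(text, baseline=None):
    """Return (line_number, line) for lines of an rc script that are not in
    `baseline` (the known-good copy, if available) and execute an absolute
    path under one of SUSPECT_DIRS.  Comments and blank lines are skipped."""
    baseline_lines = set(baseline.splitlines()) if baseline else set()
    hits = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or raw in baseline_lines:
            continue
        m = EXEC_LINE.match(line)
        if m and m.group(1).startswith(SUSPECT_DIRS):
            hits.append((number, line))
    return hits


def scan_host(paths=RC_SCRIPTS):
    """Run the check over whichever rc scripts exist on this machine."""
    findings = {}
    for p in paths:
        try:
            text = Path(p).read_text(errors="replace")
        except OSError:
            continue  # script absent or unreadable
        findings[p] = suspicious_rc_lines(text)
    return findings


# Constructed rc.local before and after the kind of modification the report
# flags: the dropped binary is launched, backgrounded, before "exit 0".
BASELINE_RC_LOCAL = """#!/bin/sh -e
# rc.local: executed at the end of each multiuser runlevel.
exit 0
"""
MODIFIED_RC_LOCAL = """#!/bin/sh -e
# rc.local: executed at the end of each multiuser runlevel.
/tmp/.bot >/dev/null 2>&1 &
exit 0
"""

if __name__ == "__main__":
    print(suspicious_rc_lines(MODIFIED_RC_LOCAL, BASELINE_RC_LOCAL))
    print(scan_host())
```

With a baseline copy of the script (from a package or a golden image) the check reports only added lines; without one it falls back to flagging any boot-time command rooted in a writable directory, which is enough to catch the pattern seen in this report but will not see a binary that was copied into /usr/bin first.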

Network

MITRE ATT&CK Enterprise v6
