a5ab5ab2607342c3bcfce5a0cb337c18ca432516cac8ba96b7fe0e6145b6db5e

Analysis

Target

gost-linux-armv5
Size

11.9MB
MD5

21dbcb4a12bf268ba42a55569f872e20
SHA1

bdff4af7c8d570c29ef74358f24914e1eaf3d8be
SHA256

a5ab5ab2607342c3bcfce5a0cb337c18ca432516cac8ba96b7fe0e6145b6db5e
SHA512

78e21dafd92805d2ea2a5d8dd0422bc73bad835ed88db643ed19fcf852c3027fd6989ffd2ceee910a91914ea89f443e0dd06daa79b34656e7965c22162f8d1f1
SSDEEP

98304:/0o3jF4CMDt6kj/QxDXm5azTvrtPdwEzzY4:/0o329D5aTtPdw4

Score

5^/10

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

gost-linux-armv5

description ioc process

/sys/kernel/mm/transparent_hugepage/hpage_pmd_size /sys/kernel/mm/transparent_hugepage/hpage_pmd_size gost-linux-armv5
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

gost-linux-armv5

description ioc process

/proc/self/auxv /proc/self/auxv gost-linux-armv5

description	ioc	process
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	gost-linux-armv5

description	ioc	process
/proc/self/auxv	/proc/self/auxv	gost-linux-armv5

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact