Analysis

  • max time kernel
    0s
  • max time network
    158s
  • platform
    linux_armhf
  • resource
    debian9-armhf-en-20211208
  • resource tags
    arch:armhf, image:debian9-armhf-en-20211208, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    08-09-2022 05:12

General

  • Target

    54019336e6fbb7b9e621821f9b9f0a5c.elf

  • Size

    4.6MB

  • MD5

    54019336e6fbb7b9e621821f9b9f0a5c

  • SHA1

    bd4a00b9194db65d78053ede828ec3107ba982cd

  • SHA256

    a51ac88920838035e758b9c20912867c51f78e76bc27fb6bf57128eb7ada54f8

  • SHA512

    08e1dd28765b65033637c97afc2d517f8179ac800b67b4897c97a8af86186f24a43cc11b028b202a3cb46389ad51c4779b5d722e63e27b124bf53dd37d30f361

  • SSDEEP

    49152:Gj9jMidSyBRoVTc8jLq3eKDrg/czUJlCCLrR1KuAb7/C:MjFdSERWTc8q3eR6/C

Score
7/10

Malware Config

Signatures

  • Modifies init.d (1 TTP, 1 IoC)

    Adds/modifies system service, likely for persistence.

  • Write file to user bin folder (1 TTP, 1 IoC)

  • Enumerates kernel/hardware configuration (1 TTP, 1 IoC)

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/54019336e6fbb7b9e621821f9b9f0a5c.elf
    Command line: /tmp/54019336e6fbb7b9e621821f9b9f0a5c.elf
    Signatures triggered:
    • Modifies init.d
    • Write file to user bin folder
    • Enumerates kernel/hardware configuration
    • Writes file to tmp directory
    PID: 347

Network

MITRE ATT&CK Enterprise v6
