043af53b18a37168f3b0df013f6d65f908ed00fc109de4fa5b16295210e9b77f

Analysis

max time kernel
25801s
max time network
163s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
03/10/2022, 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

arm7.elf
Size

157KB
MD5

503645a9de0fd85a15208544b97541c7
SHA1

98babc529148e9f26acc3550650411d4be811c3f
SHA256

043af53b18a37168f3b0df013f6d65f908ed00fc109de4fa5b16295210e9b77f
SHA512

ddb2d01763dc19b09a07368c650093ba572a257c16799c25e67d40b07ab5ced39084c58bf84d1b16a82adee4fda099d79a896c25d4b5f86bf4d30eb8473823fd
SSDEEP

3072:bPdC3mzY+/k7De7habh6i+AZ1ZFgNY71trs5u1fGM/9xrYzl3f7:bPomzY/6hal6i+AZrFgKts5u1eM/9Sdz

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (34037) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/105/cmdline	/proc/105/cmdline	Process not Found
/proc/162/cmdline	/proc/162/cmdline	Process not Found
/proc/483/cmdline	/proc/483/cmdline	Process not Found
/proc/23/cmdline	/proc/23/cmdline	Process not Found
/proc/27/cmdline	/proc/27/cmdline	Process not Found
/proc/231/cmdline	/proc/231/cmdline	Process not Found
/proc/276/cmdline	/proc/276/cmdline	Process not Found
/proc/412/cmdline	/proc/412/cmdline	Process not Found
/proc/443/cmdline	/proc/443/cmdline	Process not Found
/proc/484/cmdline	/proc/484/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mv
/proc/6/cmdline	/proc/6/cmdline	Process not Found
/proc/21/cmdline	/proc/21/cmdline	Process not Found
/proc/272/cmdline	/proc/272/cmdline	Process not Found
/proc/305/cmdline	/proc/305/cmdline	Process not Found
/proc/370/cmdline	/proc/370/cmdline	Process not Found
/proc/380/cmdline	/proc/380/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mkdir
/proc/1/cmdline	/proc/1/cmdline	Process not Found
/proc/11/cmdline	/proc/11/cmdline	Process not Found
/proc/26/cmdline	/proc/26/cmdline	Process not Found
/proc/151/cmdline	/proc/151/cmdline	Process not Found
/proc/347/cmdline	/proc/347/cmdline	Process not Found
/proc/382/cmdline	/proc/382/cmdline	Process not Found
/proc/73/cmdline	/proc/73/cmdline	Process not Found
/proc/390/cmdline	/proc/390/cmdline	Process not Found
/proc/12/cmdline	/proc/12/cmdline	Process not Found
/proc/13/cmdline	/proc/13/cmdline	Process not Found
/proc/18/cmdline	/proc/18/cmdline	Process not Found
/proc/19/cmdline	/proc/19/cmdline	Process not Found
/proc/309/cmdline	/proc/309/cmdline	Process not Found
/proc/365/cmdline	/proc/365/cmdline	Process not Found
/proc/4/cmdline	/proc/4/cmdline	Process not Found
/proc/17/cmdline	/proc/17/cmdline	Process not Found
/proc/137/cmdline	/proc/137/cmdline	Process not Found
/proc/384/cmdline	/proc/384/cmdline	Process not Found
/proc/	/proc/	Process not Found
/proc/7/cmdline	/proc/7/cmdline	Process not Found
/proc/10/cmdline	/proc/10/cmdline	Process not Found
/proc/15/cmdline	/proc/15/cmdline	Process not Found
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/94/cmdline	/proc/94/cmdline	Process not Found
/proc/145/cmdline	/proc/145/cmdline	Process not Found
/proc/310/cmdline	/proc/310/cmdline	Process not Found
/proc/372/cmdline	/proc/372/cmdline	Process not Found
/proc/3/cmdline	/proc/3/cmdline	Process not Found
/proc/378/cmdline	/proc/378/cmdline	Process not Found
/proc/16/cmdline	/proc/16/cmdline	Process not Found
/proc/28/cmdline	/proc/28/cmdline	Process not Found
/proc/282/cmdline	/proc/282/cmdline	Process not Found
/proc/376/cmdline	/proc/376/cmdline	Process not Found
/proc/393/cmdline	/proc/393/cmdline	Process not Found
/proc/481/cmdline	/proc/481/cmdline	Process not Found
/proc/9/cmdline	/proc/9/cmdline	Process not Found
/proc/106/cmdline	/proc/106/cmdline	Process not Found
/proc/218/cmdline	/proc/218/cmdline	Process not Found
/proc/440/cmdline	/proc/440/cmdline	Process not Found
/proc/2/cmdline	/proc/2/cmdline	Process not Found
/proc/24/cmdline	/proc/24/cmdline	Process not Found
/proc/42/cmdline	/proc/42/cmdline	Process not Found
/proc/103/cmdline	/proc/103/cmdline	Process not Found
/proc/355/cmdline	/proc/355/cmdline	Process not Found
/proc/386/cmdline	/proc/386/cmdline	Process not Found
/proc/447/cmdline	/proc/447/cmdline	Process not Found

/tmp/arm7.elf
/tmp/arm7.elf
1⤵
PID:351
- /bin/sh
  /bin/sh -c "rm -rf bin/busybox && mkdir bin; >bin/busybox && mv /tmp/arm7.elf bin/busybox; chmod 777 bin/busybox"
  2⤵
  PID:352
- - /bin/rm
    rm -rf bin/busybox
    3⤵
    PID:354
- - /bin/mkdir
    mkdir bin
    3⤵
    - Reads runtime system information
    PID:357
- - /bin/mv
    mv /tmp/arm7.elf bin/busybox
    3⤵
    - Reads runtime system information
    PID:360
- - /bin/chmod
    chmod 777 bin/busybox
    3⤵
    PID:361

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads