d377066d8a5e0177262032fb4a803547a819d196da9960a4f4972f35bfa5eeb2

Analysis

max time kernel
30221s
max time network
182s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
23-11-2022 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb1fbbf8194bc1b67d1416f16801dd6c.elf
Size

121KB
MD5

cb1fbbf8194bc1b67d1416f16801dd6c
SHA1

c3c4a4aa6e2d6932a229b7ff65c353b91ff0827a
SHA256

d377066d8a5e0177262032fb4a803547a819d196da9960a4f4972f35bfa5eeb2
SHA512

24eaef9673a5c45af36e864c8b9d723d00754ada2da688b3500d4d01f74e28f259463a5668884cfa6663b41f83ab350a4f2dcd1ee8a59c70af0caf3f1d9f7206
SSDEEP

3072:qEZhzRw+1o2Clr9EIepHPXB4iqfPjsM/9YM:lZhzp19Ur9EIepHvBkfPIM/9YM

Score

9^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
/proc/132/cmdline	/proc/132/cmdline
/proc/3/maps	/proc/3/maps
/proc/27/maps	/proc/27/maps
/proc/41/cmdline	/proc/41/cmdline
/proc/43/cmdline	/proc/43/cmdline
/proc/6/maps	/proc/6/maps
/proc/42/maps	/proc/42/maps
/proc/228/cmdline	/proc/228/cmdline
/proc/434/maps	/proc/434/maps
/proc/307/maps	/proc/307/maps
/proc/370/cmdline	/proc/370/cmdline
/proc/1/cmdline	/proc/1/cmdline
/proc/43/maps	/proc/43/maps
/proc/154/cmdline	/proc/154/cmdline
/proc/271/maps	/proc/271/maps
/proc/132/maps	/proc/132/maps
/proc/349/cmdline	/proc/349/cmdline
/proc/364/maps	/proc/364/maps
/proc/415/maps	/proc/415/maps
/proc/7/maps	/proc/7/maps
/proc/29/cmdline	/proc/29/cmdline
/proc/95/maps	/proc/95/maps
/proc/103/cmdline	/proc/103/cmdline
/proc/366/cmdline	/proc/366/cmdline
/proc/451/maps	/proc/451/maps
/proc/11/maps	/proc/11/maps
/proc/225/maps	/proc/225/maps
/proc/301/maps	/proc/301/maps
/proc/306/cmdline	/proc/306/cmdline
/proc/2/cmdline	/proc/2/cmdline
/proc/7/cmdline	/proc/7/cmdline
/proc/17/maps	/proc/17/maps
/proc/376/maps	/proc/376/maps
/proc/382/maps	/proc/382/maps
/proc/9/maps	/proc/9/maps
/proc/26/maps	/proc/26/maps
/proc/41/maps	/proc/41/maps
/proc/74/cmdline	/proc/74/cmdline
/proc/29/maps	/proc/29/maps
/proc/410/maps	/proc/410/maps
/proc/426/cmdline	/proc/426/cmdline
/proc/14/maps	/proc/14/maps
/proc/15/cmdline	/proc/15/cmdline
/proc/16/maps	/proc/16/maps
/proc/28/cmdline	/proc/28/cmdline
/proc/378/maps	/proc/378/maps
/proc/21/cmdline	/proc/21/cmdline
/proc/304/maps	/proc/304/maps
/proc/362/maps	/proc/362/maps
/proc/374/cmdline	/proc/374/cmdline
/proc/344/cmdline	/proc/344/cmdline
/proc/364/cmdline	/proc/364/cmdline
/proc/378/cmdline	/proc/378/cmdline
/proc/395/maps	/proc/395/maps
/proc/1/maps	/proc/1/maps
/proc/5/cmdline	/proc/5/cmdline
/proc/301/cmdline	/proc/301/cmdline
/proc/307/cmdline	/proc/307/cmdline
/proc/441/maps	/proc/441/maps
/proc/448/maps	/proc/448/maps
/proc/3/cmdline	/proc/3/cmdline
/proc/25/cmdline	/proc/25/cmdline
/proc/26/cmdline	/proc/26/cmdline
/proc/370/maps	/proc/370/maps

/tmp/cb1fbbf8194bc1b67d1416f16801dd6c.elf
/tmp/cb1fbbf8194bc1b67d1416f16801dd6c.elf
1⤵
PID:351

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads