973b8f43d21ef99b5c70cf72f95b0593cf646131cc1acc9b84dfdf29e76c568b | Triage

Analysis

max time kernel
0s
max time network
126s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
23-11-2022 15:32

Sharing

Report Analysis Logs

General

Target

fscan_arm
Size

19.9MB
MD5

f5d0a70bd61acf171876d809d24ebab6
SHA1

c601ad0d85a4715c6537cc7e6ce4673c7fec2ea7
SHA256

973b8f43d21ef99b5c70cf72f95b0593cf646131cc1acc9b84dfdf29e76c568b
SHA512

97411702e46ed273163ab2033117be310618c8ff77b1d3093386f9143e1a2f6844945bd11f19a05edac76090468f876c0774a192443f733e445c7e6637a15568
SSDEEP

98304:ZQR7nPk8QIkPUmd7v1+k/KW1rlhCg3hMzcbcfkK67q6UnaO8N:ZA7vbmdboq3hMzcbz7q6Una9N

Score

5^/10

Malware Config

Signatures

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

fscan_arm

description ioc process

/sys/kernel/mm/transparent_hugepage/hpage_pmd_size /sys/kernel/mm/transparent_hugepage/hpage_pmd_size fscan_arm

/tmp/fscan_arm
/tmp/fscan_arm
1⤵
- Enumerates kernel/hardware configuration
PID:356

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads