f181dd7b61804fd6b9a084d50ef6d6a512835c3a73ffccf77de9400a7084f4a0

Analysis

max time kernel
1405s
max time network
160s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
27-11-2022 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jklarm7.elf
Size

121KB
MD5

00715123653296ac9808fb80c7523a0b
SHA1

b39079f672adc38774a8d11d4f98d34e2fb0089a
SHA256

f181dd7b61804fd6b9a084d50ef6d6a512835c3a73ffccf77de9400a7084f4a0
SHA512

70d08604fed969df755d6e87be6ca146f215c7a6a457a874c4e5f3c0fbde7529a53ad1ed23bb11c31adb0826e24f03ce06a5ad11f69a39919b3cbc22be584ed6
SSDEEP

3072:ckhhXRpV11tSlbR44+iV/VVr4vfPjsM/9bnM:ThhXl1PkbR44+i5V+vfPIM/9zM

Score

9^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
/proc/42/maps	/proc/42/maps
/proc/320/maps	/proc/320/maps
/proc/453/maps	/proc/453/maps
/proc/436/cmdline	/proc/436/cmdline
/proc/3/maps	/proc/3/maps
/proc/8/maps	/proc/8/maps
/proc/319/cmdline	/proc/319/cmdline
/proc/365/maps	/proc/365/maps
/proc/391/maps	/proc/391/maps
/proc/20/maps	/proc/20/maps
/proc/95/maps	/proc/95/maps
/proc/317/maps	/proc/317/maps
/proc/453/cmdline	/proc/453/cmdline
/proc/10/maps	/proc/10/maps
/proc/11/cmdline	/proc/11/cmdline
/proc/23/cmdline	/proc/23/cmdline
/proc/281/maps	/proc/281/maps
/proc/283/cmdline	/proc/283/cmdline
/proc/13/maps	/proc/13/maps
/proc/15/cmdline	/proc/15/cmdline
/proc/314/maps	/proc/314/maps
/proc/422/maps	/proc/422/maps
/proc/134/maps	/proc/134/maps
/proc/138/cmdline	/proc/138/cmdline
/proc/290/cmdline	/proc/290/cmdline
/proc/375/cmdline	/proc/375/cmdline
/proc/458/maps	/proc/458/maps
/proc/294/cmdline	/proc/294/cmdline
/proc/359/maps	/proc/359/maps
/proc/449/maps	/proc/449/maps
/proc/24/maps	/proc/24/maps
/proc/26/cmdline	/proc/26/cmdline
/proc/29/cmdline	/proc/29/cmdline
/proc/133/maps	/proc/133/maps
/proc/134/cmdline	/proc/134/cmdline
/proc/426/maps	/proc/426/maps
/proc/12/maps	/proc/12/maps
/proc/15/maps	/proc/15/maps
/proc/21/cmdline	/proc/21/cmdline
/proc/74/maps	/proc/74/maps
/proc/359/cmdline	/proc/359/cmdline
/proc/434/maps	/proc/434/maps
/proc/23/maps	/proc/23/maps
/proc/43/maps	/proc/43/maps
/proc/354/maps	/proc/354/maps
/proc/389/cmdline	/proc/389/cmdline
/proc/414/cmdline	/proc/414/cmdline
/proc/288/maps	/proc/288/maps
/proc/397/maps	/proc/397/maps
/proc/430/cmdline	/proc/430/cmdline
/proc/365/cmdline	/proc/365/cmdline
/proc/381/cmdline	/proc/381/cmdline
/proc/461/cmdline	/proc/461/cmdline
/proc/4/cmdline	/proc/4/cmdline
/proc/10/cmdline	/proc/10/cmdline
/proc/16/maps	/proc/16/maps
/proc/18/maps	/proc/18/maps
/proc/107/maps	/proc/107/maps
/proc/self/maps	/proc/self/maps
/proc/25/cmdline	/proc/25/cmdline
/proc/74/cmdline	/proc/74/cmdline
/proc/247/cmdline	/proc/247/cmdline
/proc/409/maps	/proc/409/maps
/proc/451/maps	/proc/451/maps

/tmp/jklarm7.elf
/tmp/jklarm7.elf
1⤵
PID:361

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads