Overview

overview

10

Static

static

10

61e9e83592...189454

debian-9-armhf

7

Analysis

  • max time kernel
    30992s
  • max time network
    159s
  • platform
    linux_armhf
  • resource
    debian9-armhf-en-20211208
  • resource tags

    arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    30-11-2022 12:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61e9e835925708541e341b2df11de338e500414596ad4749a7a5287b21189454

  • Size

    116KB

  • MD5

    37bd88db0293a646725f306257f44c07

  • SHA1

    d94a0dc16fd868a8b636e1ecc636725936c41fc2

  • SHA256

    61e9e835925708541e341b2df11de338e500414596ad4749a7a5287b21189454

  • SHA512

    448ee5e75feb9a679e4df326b4ab23d31c23edcc8acba6f044558fbdad1d05d2893fecf9975eaf3a020944182ae25feafc35603bb57de23bad457003fbc84350

  • SSDEEP

    3072:ed3Da04A7iNmLJMQJBg5hd5Kynz2FAdmyDQUJ1UX4Tn:G3Da1ciABg5hd5K3FAdmyDQUJ1a4Tn

Score
7/10

Malware Config

Signatures

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/61e9e835925708541e341b2df11de338e500414596ad4749a7a5287b21189454
    /tmp/61e9e835925708541e341b2df11de338e500414596ad4749a7a5287b21189454
    1⤵
    • Reads system routing table
    • Reads system network configuration
    PID:363

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

2
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads