Analysis
-
max time kernel
30991s -
max time network
150s -
platform
linux_armhf -
resource
debian9-armhf-en-20211208 -
resource tags
arch:armhf, image:debian9-armhf-en-20211208, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system -
submitted
30-11-2022 12:44
Behavioral task
behavioral1
Sample
62bf0d72ed7df3c803df43cbb8d2922b6dda038e27599221aaeef1f0d5c3dac7
Resource
debian9-armhf-en-20211208
debian-9-armhf
2 signatures
150 seconds
General
-
Target
62bf0d72ed7df3c803df43cbb8d2922b6dda038e27599221aaeef1f0d5c3dac7
-
Size
150KB
-
MD5
3288afc7e44e959d3b96a6a0f7418024
-
SHA1
2d4180986ccc0bef7e84891a1ce670af04a3ee72
-
SHA256
62bf0d72ed7df3c803df43cbb8d2922b6dda038e27599221aaeef1f0d5c3dac7
-
SHA512
5630571b50fa56c73ac066698155481e0e52e573061e786e95c4acae5acf17196920753e7b4868d4ecd93f8ec23f0b864cd809ae3c792c7c33e0eab9fc33437d
-
SSDEEP
3072:OIFank65nvQEaNGaQ5ObmanbHrFM/95CmpwfvRQfZn:JFak65nIEiQ5CmanD5M/95CmpwfvafZn
Score
7/10
Malware Config
Signatures
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Processes:
62bf0d72ed7df3c803df43cbb8d2922b6dda038e27599221aaeef1f0d5c3dac7
description | ioc | process
/proc/net/route | /proc/net/route | 62bf0d72ed7df3c803df43cbb8d2922b6dda038e27599221aaeef1f0d5c3dac7
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
62bf0d72ed7df3c803df43cbb8d2922b6dda038e27599221aaeef1f0d5c3dac7
description | ioc | process
/proc/net/route | /proc/net/route | 62bf0d72ed7df3c803df43cbb8d2922b6dda038e27599221aaeef1f0d5c3dac7