Analysis
max time kernel: 0s
max time network: 127s
platform: debian-9_armhf
resource: debian9-armhf-20221111-en
resource tags: arch:armhf, image:debian9-armhf-20221111-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 07-02-2023 01:28
Behavioral task: behavioral1
Sample: f139a2fe43f6ca2a27a35ae2df42e4f3.elf
Resource: debian9-armhf-20221111-en, debian-9-armhf
2 signatures
150 seconds
General
Target: f139a2fe43f6ca2a27a35ae2df42e4f3.elf
Size: 121KB
MD5: f139a2fe43f6ca2a27a35ae2df42e4f3
SHA1: 29d652ce79d899c8b1b760ce206f1e009b8386b0
SHA256: 7d281a42e7f68db991844932a035175b295894228ece8649730271d591ed72fc
SHA512: 0e9ac323c130ffead9e39a269f576a639ea4b0d2ad3f5b14a42bcf90406d23ffa605a4505e7c325513f3d6fcaae0a33cb48e2feb357128652043c4536739766f
SSDEEP: 3072:0NJf9avjj1UxcYAEaY5h9s6tlgqmEQ92tX8Q8:49avjjSaY5h9s6gqmEQ92x8Q8
Score: 7/10
Malware Config
Signatures

Reads system routing table (1 TTPs, 1 IoCs)
Gets active network interfaces from /proc virtual filesystem.
Processes: f139a2fe43f6ca2a27a35ae2df42e4f3.elf
  description: /proc/net/route
  ioc: /proc/net/route
  process: f139a2fe43f6ca2a27a35ae2df42e4f3.elf

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
Processes: f139a2fe43f6ca2a27a35ae2df42e4f3.elf
  description: /proc/net/route
  ioc: /proc/net/route
  process: f139a2fe43f6ca2a27a35ae2df42e4f3.elf