6809cd3097cafa2c01e393b03098ef771ce6f096318c0bc7c6c8618595e6ddb6

Analysis

max time kernel
0s
max time network
127s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
09-02-2023 00:28

Target

66d4ac8af86caeb43daf77d5d4f01ed5.elf
Size

157KB
MD5

66d4ac8af86caeb43daf77d5d4f01ed5
SHA1

c8c06e1bc3000ebf5011215917dd90fe537b6a78
SHA256

6809cd3097cafa2c01e393b03098ef771ce6f096318c0bc7c6c8618595e6ddb6
SHA512

5e8f4b6f436806f294eb8592664515718db43a89fc47b6e0b20965e76c5e973f71a7e07c8db81411add11a84d7d85331dbf5561b496d0e318391a35587a7ce77
SSDEEP

3072:Bi3eg/SaaOfhANbakAslSo9unH5EM/9xEZomgwZBxPQgVa:xg/SatfmNbaEz9unHqM/92omgwZBxIgs

Score

7^/10

Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

66d4ac8af86caeb43daf77d5d4f01ed5.elf

description ioc process

/proc/net/route /proc/net/route 66d4ac8af86caeb43daf77d5d4f01ed5.elf
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

66d4ac8af86caeb43daf77d5d4f01ed5.elf

description ioc process

/proc/net/route /proc/net/route 66d4ac8af86caeb43daf77d5d4f01ed5.elf

description	ioc	process
/proc/net/route	/proc/net/route	66d4ac8af86caeb43daf77d5d4f01ed5.elf

description	ioc	process
/proc/net/route	/proc/net/route	66d4ac8af86caeb43daf77d5d4f01ed5.elf

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact