Analysis
-
max time kernel
37438s -
max time network
153s -
platform
linux_armhf -
resource
debian9-armhf-en-20211208 -
resource tags
-
submitted
15-02-2023 00:20
General
-
Target
789eb5434280fb0c10bbe3d89536754d.elf
-
Size
138KB
-
MD5
789eb5434280fb0c10bbe3d89536754d
-
SHA1
1a5f3d3a625789f95e4e35a11b64859870c97afe
-
SHA256
f8158b2713f0c188a5e225f9133bbfa45440146dfa207dd07e0383e822ea812c
-
SHA512
985fa3026e6be105ece1a690f08f7bde68ec8ddc9ce81e910990273e02e9f9528b1033d4fa868a67ba269b2fa709d101e9723334099424a131f1e2fcb897433f
-
SSDEEP
3072:1hEdC1wadWINYgKWf7kHAp02MZ/J2d6z81ozF6GjmrQ9YJrXFT2:1h46wacoYgy2MZ/HZjmrQ9YJbFT2
Score
9/10
Malware Config
Signatures
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies hosts file 1 IoCs
Adds to hosts file used for mapping hosts to IP addresses.
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes
-
/tmp/789eb5434280fb0c10bbe3d89536754d.elf/tmp/789eb5434280fb0c10bbe3d89536754d.elf1⤵
- Reads system routing table
- Reads system network configuration