497e64b44aaaf625411a84d8fed724f9c3ed385630771d15d3bbe6f7ded5961f

Analysis

max time kernel
8343s
max time network
153s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
16-02-2023 07:00

Target

8a11cf3c68136fa6672ca192919cc0ed
Size

178KB
MD5

8a11cf3c68136fa6672ca192919cc0ed
SHA1

61efee129285ed3d5d30abe24ee41d52c194a316
SHA256

497e64b44aaaf625411a84d8fed724f9c3ed385630771d15d3bbe6f7ded5961f
SHA512

84669184f55608141128a7b45327fb4f3b1efa4a8f81b5b59caf17800103652af3575fe3f149e7b48c7d1342bcd2018bf20d1ee55439d770ab6b3af98b47fb75
SSDEEP

3072:/BdcOQLpL5sSEa1EOu5ZCp5cePI5hhdHQbY/yV1oUyT6yzmtQjkh9QJ75e:bDQl5Ea1EOZPI5hhdOY/yklzmtQjkTQ6

Score

7^/10

Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

8a11cf3c68136fa6672ca192919cc0ed

description ioc process

/proc/net/route /proc/net/route 8a11cf3c68136fa6672ca192919cc0ed
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

8a11cf3c68136fa6672ca192919cc0ed

description ioc process

/proc/net/route /proc/net/route 8a11cf3c68136fa6672ca192919cc0ed

description	ioc	process
/proc/net/route	/proc/net/route	8a11cf3c68136fa6672ca192919cc0ed

description	ioc	process
/proc/net/route	/proc/net/route	8a11cf3c68136fa6672ca192919cc0ed

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact