Overview

overview

10

Static

static

10

a-r.m-6.Sakura.elf

debian-9-armhf

7

Analysis

  • max time kernel
    9220s
  • max time network
    153s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    26-02-2023 10:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a-r.m-6.Sakura.elf

  • Size

    118KB

  • MD5

    5b1bbf38bd3ade35a2557875319c0e7c

  • SHA1

    4a0943bff8f9fdd2ee5890119a20e5917e8f8cb4

  • SHA256

    dd104e248ac21e06d6a5403419ae9862a48c8b1cea20ecab6efb8f4e5198601a

  • SHA512

    af9aac83978f43bce8f5c935ac1a251e22c815910ac031797e4ef194bfd7e62189bc8e1e0bab715abde8ea8d324feb04f865da5cc590dcaef349cbb9f5bf98ff

  • SSDEEP

    3072:ekYPUfsgnsb0J2ag/VfakDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0akDy+mTQOY5R3cn

Score
7/10

Malware Config

Signatures

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/a-r.m-6.Sakura.elf
    /tmp/a-r.m-6.Sakura.elf
    1⤵
    • Reads system routing table
    • Reads system network configuration
    PID:349

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads