Analysis
-
max time kernel
9220s -
max time network
153s -
platform
debian-9_armhf -
resource
debian9-armhf-20221111-en -
resource tags
arch:armhf image:debian9-armhf-20221111-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system -
submitted
26-02-2023 10:51
Behavioral task
behavioral1
Sample
a-r.m-6.Sakura.elf
Resource
debian9-armhf-20221111-en
debian-9-armhf
2 signatures
150 seconds
General
-
Target
a-r.m-6.Sakura.elf
-
Size
118KB
-
MD5
5b1bbf38bd3ade35a2557875319c0e7c
-
SHA1
4a0943bff8f9fdd2ee5890119a20e5917e8f8cb4
-
SHA256
dd104e248ac21e06d6a5403419ae9862a48c8b1cea20ecab6efb8f4e5198601a
-
SHA512
af9aac83978f43bce8f5c935ac1a251e22c815910ac031797e4ef194bfd7e62189bc8e1e0bab715abde8ea8d324feb04f865da5cc590dcaef349cbb9f5bf98ff
-
SSDEEP
3072:ekYPUfsgnsb0J2ag/VfakDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0akDy+mTQOY5R3cn
Score
7/10
Malware Config
Signatures
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Processes:
a-r.m-6.Sakura.elf
description ioc process
/proc/net/route /proc/net/route a-r.m-6.Sakura.elf
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
a-r.m-6.Sakura.elf
description ioc process
/proc/net/route /proc/net/route a-r.m-6.Sakura.elf