8c152109fc1bf0eb013ce93a7b37eaf49bf7b595b9c9b0f983834cddc5760463

Analysis

max time kernel
0s
max time network
153s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
03/03/2023, 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

arm7.elf
Size

147KB
MD5

4e72692f8ac28260d51cbb22bf399815
SHA1

af9b48f7a63dc6c60e51b583d4aaa9e538d2a030
SHA256

8c152109fc1bf0eb013ce93a7b37eaf49bf7b595b9c9b0f983834cddc5760463
SHA512

6b26817113519b077f020d5d8a8894bc1582106760e9541ecab2f0e3443d554cad61132e9f6bae3017ac6d520c4e6a1698fd7c1c7d1faae828793803613a4864
SSDEEP

3072:yJTc2PBSpmr7Oabvzj4dlRsh8ZQIldUMXkkTM/9zY:yJTcGXOabvzj4dLsh8/UMXkYM/9zY

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (35347) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/214/cmdline	/proc/214/cmdline	Process not Found
/proc/231/cmdline	/proc/231/cmdline	Process not Found
/proc/389/cmdline	/proc/389/cmdline	Process not Found
/proc/9/cmdline	/proc/9/cmdline	Process not Found
/proc/12/cmdline	/proc/12/cmdline	Process not Found
/proc/21/cmdline	/proc/21/cmdline	Process not Found
/proc/27/cmdline	/proc/27/cmdline	Process not Found
/proc/43/cmdline	/proc/43/cmdline	Process not Found
/proc/15/cmdline	/proc/15/cmdline	Process not Found
/proc/401/cmdline	/proc/401/cmdline	Process not Found
/proc/10/cmdline	/proc/10/cmdline	Process not Found
/proc/18/cmdline	/proc/18/cmdline	Process not Found
/proc/108/cmdline	/proc/108/cmdline	Process not Found
/proc/381/cmdline	/proc/381/cmdline	Process not Found
/proc/16/cmdline	/proc/16/cmdline	Process not Found
/proc/19/cmdline	/proc/19/cmdline	Process not Found
/proc/135/cmdline	/proc/135/cmdline	Process not Found
/proc/360/cmdline	/proc/360/cmdline	Process not Found
/proc/363/cmdline	/proc/363/cmdline	Process not Found
/proc/379/cmdline	/proc/379/cmdline	Process not Found
/proc/6/cmdline	/proc/6/cmdline	Process not Found
/proc/136/cmdline	/proc/136/cmdline	Process not Found
/proc/272/cmdline	/proc/272/cmdline	Process not Found
/proc/273/cmdline	/proc/273/cmdline	Process not Found
/proc/315/cmdline	/proc/315/cmdline	Process not Found
/proc/42/cmdline	/proc/42/cmdline	Process not Found
/proc/75/cmdline	/proc/75/cmdline	Process not Found
/proc/144/cmdline	/proc/144/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mv
/proc/3/cmdline	/proc/3/cmdline	Process not Found
/proc/4/cmdline	/proc/4/cmdline	Process not Found
/proc/7/cmdline	/proc/7/cmdline	Process not Found
/proc/13/cmdline	/proc/13/cmdline	Process not Found
/proc/239/cmdline	/proc/239/cmdline	Process not Found
/proc/282/cmdline	/proc/282/cmdline	Process not Found
/proc/327/cmdline	/proc/327/cmdline	Process not Found
/proc/403/cmdline	/proc/403/cmdline	Process not Found
/proc/11/cmdline	/proc/11/cmdline	Process not Found
/proc/139/cmdline	/proc/139/cmdline	Process not Found
/proc/314/cmdline	/proc/314/cmdline	Process not Found
/proc/393/cmdline	/proc/393/cmdline	Process not Found
/proc/399/cmdline	/proc/399/cmdline	Process not Found
/proc/	/proc/	Process not Found
/proc/370/cmdline	/proc/370/cmdline	Process not Found
/proc/1/cmdline	/proc/1/cmdline	Process not Found
/proc/22/cmdline	/proc/22/cmdline	Process not Found
/proc/24/cmdline	/proc/24/cmdline	Process not Found
/proc/240/cmdline	/proc/240/cmdline	Process not Found
/proc/317/cmdline	/proc/317/cmdline	Process not Found
/proc/377/cmdline	/proc/377/cmdline	Process not Found
/proc/395/cmdline	/proc/395/cmdline	Process not Found
/proc/25/cmdline	/proc/25/cmdline	Process not Found
/proc/26/cmdline	/proc/26/cmdline	Process not Found
/proc/41/cmdline	/proc/41/cmdline	Process not Found
/proc/149/cmdline	/proc/149/cmdline	Process not Found
/proc/285/cmdline	/proc/285/cmdline	Process not Found
/proc/14/cmdline	/proc/14/cmdline	Process not Found
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/391/cmdline	/proc/391/cmdline	Process not Found
/proc/109/cmdline	/proc/109/cmdline	Process not Found
/proc/387/cmdline	/proc/387/cmdline	Process not Found
/proc/397/cmdline	/proc/397/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mkdir
/proc/8/cmdline	/proc/8/cmdline	Process not Found

/tmp/arm7.elf
/tmp/arm7.elf
1⤵
PID:364
- /bin/sh
  /bin/sh -c "rm -rf bin/busybox && mkdir bin; >bin/busybox && mv /tmp/arm7.elf bin/busybox; chmod 777 bin/busybox"
  2⤵
  PID:365
- - /bin/rm
    rm -rf bin/busybox
    3⤵
    PID:367
- - /bin/mkdir
    mkdir bin
    3⤵
    - Reads runtime system information
    PID:368
- - /bin/mv
    mv /tmp/arm7.elf bin/busybox
    3⤵
    - Reads runtime system information
    PID:369
- - /bin/chmod
    chmod 777 bin/busybox
    3⤵
    PID:374

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads