Analysis
-
max time kernel
38975s -
max time network
154s -
platform
linux_armhf -
resource
debian9-armhf-en-20211208 -
resource tags
arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
04-03-2023 19:23
Behavioral task
behavioral1
Sample
3bfae100f42ccc5b37123998423d1360.elf
Resource
debian9-armhf-en-20211208
General
-
Target
3bfae100f42ccc5b37123998423d1360.elf
-
Size
152KB
-
MD5
3bfae100f42ccc5b37123998423d1360
-
SHA1
9081a39648b544259bdcd621ec6b5ff953b1ad12
-
SHA256
40abe0b1bc5425e76f868a880bacc5144bff63b6865ff1eaaba570f960f58efb
-
SHA512
4e9336d077fccd9e32f4038121df0c57bc87f7962b0a33bbde7596603743567497e401499c54d6059c9ed09f51ba97c1fbdbc9e80d0216bf6f9cb54b658c09da
-
SSDEEP
3072:tdntU2haO5H1XacBoGmh9H5r5hDiGRvEM/9f9T637m5wTsL/Qpyn:ntVhaO5H1qEc9Hh5hDiGRcM/9l+7m5wS
Malware Config
Signatures
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Processes:
3bfae100f42ccc5b37123998423d1360.elfdescription ioc process /proc/net/route /proc/net/route 3bfae100f42ccc5b37123998423d1360.elf -
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
3bfae100f42ccc5b37123998423d1360.elfdescription ioc process /proc/net/route /proc/net/route 3bfae100f42ccc5b37123998423d1360.elf