f88e99209435f940b4e1b039cabdeec508017908275137f193c784cf0d29e4c9

Analysis

max time kernel
0s
max time network
176s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
08/03/2023, 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf
Size

158KB
MD5

7940b47f142572132e726897adac0432
SHA1

af48cd3ee154f36c6a88dccd2680e268e7534418
SHA256

0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe
SHA512

bbb01a3c30cf30fc6d490c38dadfb0926cf24f3ba557a24c93ed78b235fcd55e5c01932577d16c6dc9d9737a48f67bd3090f9396d1d791c89613b3c536348089
SSDEEP

3072:2GMavKqPtHGHAGhYaIrIomY90AoTthWZLptbAu2LUM/93okPZf7:2GMSKqPXEYaMIomY90BTtsfbAu2wM/9b

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (35573) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/12/cmdline	/proc/12/cmdline	Process not Found
/proc/18/cmdline	/proc/18/cmdline	Process not Found
/proc/19/cmdline	/proc/19/cmdline	Process not Found
/proc/272/cmdline	/proc/272/cmdline	Process not Found
/proc/8/cmdline	/proc/8/cmdline	Process not Found
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/23/cmdline	/proc/23/cmdline	Process not Found
/proc/1/cmdline	/proc/1/cmdline	Process not Found
/proc/167/cmdline	/proc/167/cmdline	Process not Found
/proc/390/cmdline	/proc/390/cmdline	Process not Found
/proc/25/cmdline	/proc/25/cmdline	Process not Found
/proc/231/cmdline	/proc/231/cmdline	Process not Found
/proc/380/cmdline	/proc/380/cmdline	Process not Found
/proc/382/cmdline	/proc/382/cmdline	Process not Found
/proc/392/cmdline	/proc/392/cmdline	Process not Found
/proc/214/cmdline	/proc/214/cmdline	Process not Found
/proc/366/cmdline	/proc/366/cmdline	Process not Found
/proc/384/cmdline	/proc/384/cmdline	Process not Found
/proc/14/cmdline	/proc/14/cmdline	Process not Found
/proc/16/cmdline	/proc/16/cmdline	Process not Found
/proc/17/cmdline	/proc/17/cmdline	Process not Found
/proc/28/cmdline	/proc/28/cmdline	Process not Found
/proc/75/cmdline	/proc/75/cmdline	Process not Found
/proc/3/cmdline	/proc/3/cmdline	Process not Found
/proc/21/cmdline	/proc/21/cmdline	Process not Found
/proc/240/cmdline	/proc/240/cmdline	Process not Found
/proc/282/cmdline	/proc/282/cmdline	Process not Found
/proc/402/cmdline	/proc/402/cmdline	Process not Found
/proc/400/cmdline	/proc/400/cmdline	Process not Found
/proc/2/cmdline	/proc/2/cmdline	Process not Found
/proc/15/cmdline	/proc/15/cmdline	Process not Found
/proc/29/cmdline	/proc/29/cmdline	Process not Found
/proc/136/cmdline	/proc/136/cmdline	Process not Found
/proc/388/cmdline	/proc/388/cmdline	Process not Found
/proc/27/cmdline	/proc/27/cmdline	Process not Found
/proc/42/cmdline	/proc/42/cmdline	Process not Found
/proc/135/cmdline	/proc/135/cmdline	Process not Found
/proc/144/cmdline	/proc/144/cmdline	Process not Found
/proc/406/cmdline	/proc/406/cmdline	Process not Found
/proc/327/cmdline	/proc/327/cmdline	Process not Found
/proc/394/cmdline	/proc/394/cmdline	Process not Found
/proc/396/cmdline	/proc/396/cmdline	Process not Found
/proc/404/cmdline	/proc/404/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mv
/proc/10/cmdline	/proc/10/cmdline	Process not Found
/proc/24/cmdline	/proc/24/cmdline	Process not Found
/proc/41/cmdline	/proc/41/cmdline	Process not Found
/proc/149/cmdline	/proc/149/cmdline	Process not Found
/proc/398/cmdline	/proc/398/cmdline	Process not Found
/proc/109/cmdline	/proc/109/cmdline	Process not Found
/proc/273/cmdline	/proc/273/cmdline	Process not Found
/proc/315/cmdline	/proc/315/cmdline	Process not Found
/proc/	/proc/	Process not Found
/proc/5/cmdline	/proc/5/cmdline	Process not Found
/proc/6/cmdline	/proc/6/cmdline	Process not Found
/proc/13/cmdline	/proc/13/cmdline	Process not Found
/proc/22/cmdline	/proc/22/cmdline	Process not Found
/proc/11/cmdline	/proc/11/cmdline	Process not Found
/proc/106/cmdline	/proc/106/cmdline	Process not Found
/proc/108/cmdline	/proc/108/cmdline	Process not Found
/proc/285/cmdline	/proc/285/cmdline	Process not Found
/proc/317/cmdline	/proc/317/cmdline	Process not Found
/proc/361/cmdline	/proc/361/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mkdir

/tmp/0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf
/tmp/0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf
1⤵
PID:368
- /bin/sh
  /bin/sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf d�bin/watchdog; chmod 777 bin/watchdog"
  2⤵
  PID:369
- - /bin/rm
    rm -rf bin/watchdog
    3⤵
    PID:370
- - /bin/mkdir
    mkdir bin
    3⤵
    - Reads runtime system information
    PID:371
- - /bin/mv
    mv "/tmp/0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf" "d�bin/watchdog"
    3⤵
    - Reads runtime system information
    PID:376
- - /bin/chmod
    chmod 777 "bin/watchdog"
    3⤵
    PID:377

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads