f88e99209435f940b4e1b039cabdeec508017908275137f193c784cf0d29e4c9

Analysis

max time kernel
0s
max time network
176s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
08/03/2023, 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf
Size

158KB
MD5

7940b47f142572132e726897adac0432
SHA1

af48cd3ee154f36c6a88dccd2680e268e7534418
SHA256

0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe
SHA512

bbb01a3c30cf30fc6d490c38dadfb0926cf24f3ba557a24c93ed78b235fcd55e5c01932577d16c6dc9d9737a48f67bd3090f9396d1d791c89613b3c536348089
SSDEEP

3072:2GMavKqPtHGHAGhYaIrIomY90AoTthWZLptbAu2LUM/93okPZf7:2GMSKqPXEYaMIomY90BTtsfbAu2wM/9b

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (35573) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/12/cmdline	/proc/12/cmdline	Process not Found
/proc/18/cmdline	/proc/18/cmdline	Process not Found
/proc/19/cmdline	/proc/19/cmdline	Process not Found
/proc/272/cmdline	/proc/272/cmdline	Process not Found
/proc/8/cmdline	/proc/8/cmdline	Process not Found
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/23/cmdline	/proc/23/cmdline	Process not Found
/proc/1/cmdline	/proc/1/cmdline	Process not Found
/proc/167/cmdline	/proc/167/cmdline	Process not Found
/proc/390/cmdline	/proc/390/cmdline	Process not Found
/proc/25/cmdline	/proc/25/cmdline	Process not Found
/proc/231/cmdline	/proc/231/cmdline	Process not Found
/proc/380/cmdline	/proc/380/cmdline	Process not Found
/proc/382/cmdline	/proc/382/cmdline	Process not Found
/proc/392/cmdline	/proc/392/cmdline	Process not Found
/proc/214/cmdline	/proc/214/cmdline	Process not Found
/proc/366/cmdline	/proc/366/cmdline	Process not Found
/proc/384/cmdline	/proc/384/cmdline	Process not Found
/proc/14/cmdline	/proc/14/cmdline	Process not Found
/proc/16/cmdline	/proc/16/cmdline	Process not Found
/proc/17/cmdline	/proc/17/cmdline	Process not Found
/proc/28/cmdline	/proc/28/cmdline	Process not Found
/proc/75/cmdline	/proc/75/cmdline	Process not Found
/proc/3/cmdline	/proc/3/cmdline	Process not Found
/proc/21/cmdline	/proc/21/cmdline	Process not Found
/proc/240/cmdline	/proc/240/cmdline	Process not Found
/proc/282/cmdline	/proc/282/cmdline	Process not Found
/proc/402/cmdline	/proc/402/cmdline	Process not Found
/proc/400/cmdline	/proc/400/cmdline	Process not Found
/proc/2/cmdline	/proc/2/cmdline	Process not Found
/proc/15/cmdline	/proc/15/cmdline	Process not Found
/proc/29/cmdline	/proc/29/cmdline	Process not Found
/proc/136/cmdline	/proc/136/cmdline	Process not Found
/proc/388/cmdline	/proc/388/cmdline	Process not Found
/proc/27/cmdline	/proc/27/cmdline	Process not Found
/proc/42/cmdline	/proc/42/cmdline	Process not Found
/proc/135/cmdline	/proc/135/cmdline	Process not Found
/proc/144/cmdline	/proc/144/cmdline	Process not Found
/proc/406/cmdline	/proc/406/cmdline	Process not Found
/proc/327/cmdline	/proc/327/cmdline	Process not Found
/proc/394/cmdline	/proc/394/cmdline	Process not Found
/proc/396/cmdline	/proc/396/cmdline	Process not Found
/proc/404/cmdline	/proc/404/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mv
/proc/10/cmdline	/proc/10/cmdline	Process not Found
/proc/24/cmdline	/proc/24/cmdline	Process not Found
/proc/41/cmdline	/proc/41/cmdline	Process not Found
/proc/149/cmdline	/proc/149/cmdline	Process not Found
/proc/398/cmdline	/proc/398/cmdline	Process not Found
/proc/109/cmdline	/proc/109/cmdline	Process not Found
/proc/273/cmdline	/proc/273/cmdline	Process not Found
/proc/315/cmdline	/proc/315/cmdline	Process not Found
/proc/	/proc/	Process not Found
/proc/5/cmdline	/proc/5/cmdline	Process not Found
/proc/6/cmdline	/proc/6/cmdline	Process not Found
/proc/13/cmdline	/proc/13/cmdline	Process not Found
/proc/22/cmdline	/proc/22/cmdline	Process not Found
/proc/11/cmdline	/proc/11/cmdline	Process not Found
/proc/106/cmdline	/proc/106/cmdline	Process not Found
/proc/108/cmdline	/proc/108/cmdline	Process not Found
/proc/285/cmdline	/proc/285/cmdline	Process not Found
/proc/317/cmdline	/proc/317/cmdline	Process not Found
/proc/361/cmdline	/proc/361/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mkdir

/tmp/0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf
/tmp/0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf
1⤵
PID:368
- /bin/sh
  /bin/sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf d�bin/watchdog; chmod 777 bin/watchdog"
  2⤵
  PID:369
- - /bin/rm
    rm -rf bin/watchdog
    3⤵
    PID:370
- - /bin/mkdir
    mkdir bin
    3⤵
    - Reads runtime system information
    PID:371
- - /bin/mv
    mv "/tmp/0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf" "d�bin/watchdog"
    3⤵
    - Reads runtime system information
    PID:376
- - /bin/chmod
    chmod 777 "bin/watchdog"
    3⤵
    PID:377

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...