a004cbdce66635dfdfa590a350ddf97fd31a65fe89aa872ebd454913682c0a7f

Analysis

max time kernel
10255s
max time network
148s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
10-03-2023 10:11

Target

02ad01cc3916b2c678dbe73ac2b497e2.elf
Size

118KB
MD5

02ad01cc3916b2c678dbe73ac2b497e2
SHA1

6db36b1a3a6b1f529cbc47b3ef3df5b3ab7bad81
SHA256

a004cbdce66635dfdfa590a350ddf97fd31a65fe89aa872ebd454913682c0a7f
SHA512

5ff7903440542236d98d334f0ee4f5687dbaa83b918cc0f04acf60b0a6d5a3fe7672583811dfaf44bf58381c91fa7671fe00c21fbf7843759e6e2a7686483f54
SSDEEP

3072:ekYPUfsgnsb0J2ag/VfkkDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0kkDy+mTQOY5R3cn

Score

7^/10

Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

02ad01cc3916b2c678dbe73ac2b497e2.elf

description ioc process

/proc/net/route /proc/net/route 02ad01cc3916b2c678dbe73ac2b497e2.elf
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

02ad01cc3916b2c678dbe73ac2b497e2.elf

description ioc process

/proc/net/route /proc/net/route 02ad01cc3916b2c678dbe73ac2b497e2.elf

description	ioc	process
/proc/net/route	/proc/net/route	02ad01cc3916b2c678dbe73ac2b497e2.elf

description	ioc	process
/proc/net/route	/proc/net/route	02ad01cc3916b2c678dbe73ac2b497e2.elf

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact