3d97ad77695a440f4d66139a530676f460835b0581fa5e6300b411b94f31ddb2

Analysis

max time kernel
0s
max time network
152s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
16-03-2023 22:37

Target

dfa7ac51ab818919ac6693e01f090e37.elf
Size

156KB
MD5

dfa7ac51ab818919ac6693e01f090e37
SHA1

19f7f4f4cc0a736d6706bb8ea07fa5eacdf5e44a
SHA256

3d97ad77695a440f4d66139a530676f460835b0581fa5e6300b411b94f31ddb2
SHA512

87858affe00dd2f17d1b5c3b3d7908b5bb9c5f6a06387ce134f4f0b77aac5f6e0832663c34341f0d87413d6d56dc6111bea025b3a68aeabe206d6e51fdbd1425
SSDEEP

3072:T1g2/eINNlzx2kkQCMOaQcvBzYnyLRM/9q3tmFwfBxKQodn:hg2hNNlzIkk/MOa/9YnydM/9MmFwfBxE

Score

7^/10

Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

dfa7ac51ab818919ac6693e01f090e37.elf

description ioc process

/proc/net/route /proc/net/route dfa7ac51ab818919ac6693e01f090e37.elf
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

dfa7ac51ab818919ac6693e01f090e37.elf

description ioc process

/proc/net/route /proc/net/route dfa7ac51ab818919ac6693e01f090e37.elf

description	ioc	process
/proc/net/route	/proc/net/route	dfa7ac51ab818919ac6693e01f090e37.elf

description	ioc	process
/proc/net/route	/proc/net/route	dfa7ac51ab818919ac6693e01f090e37.elf

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact