Overview

overview

10

Static

static

10

6590684dc6...c5.elf

debian-9-armhf

7

Analysis

  • max time kernel
    10943s
  • max time network
    151s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    18-03-2023 09:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6590684dc6f49aa1592b87e28c342ec5.elf

  • Size

    108KB

  • MD5

    6590684dc6f49aa1592b87e28c342ec5

  • SHA1

    0f0c408cda73e6871c89f39f0ef54e3d3c615417

  • SHA256

    f6afa4b1a0e82548477e9e1fe7bdb5fd7f09f367b7f981470d9ed870f8647278

  • SHA512

    cdd60e9f8f598976b03b699c3f33054830a8466c639ed52b72889d214aabea956f9f17236e909dc1c3fd51a9e1abb04fb3decf46f5a97dd2e18c3c1a32195657

  • SSDEEP

    3072:b6an17WtsWhdgYJ90D6mbPbmTQOWsXAOn:Wan17WPJ90D6ibmTQOWCAOn

Score
7/10

Malware Config

Signatures

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/6590684dc6f49aa1592b87e28c342ec5.elf
    /tmp/6590684dc6f49aa1592b87e28c342ec5.elf
    1⤵
    • Reads system routing table
    • Reads system network configuration
    PID:359

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

2
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads