3dd48d1dd56840b6e37b667a81995fe861270f8e97624aecb49dbb25de6f0163

Analysis

max time kernel
40172s
max time network
153s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
18-03-2023 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

arm7.elf
Size

145KB
MD5

362f9c66301cc614bd7f1ba7ab5be8ec
SHA1

6da033ce9e54cd3799b145ae51bef52aacc37e4b
SHA256

3dd48d1dd56840b6e37b667a81995fe861270f8e97624aecb49dbb25de6f0163
SHA512

d6117f005c0b00b37c6ae55a8165fdf6ce4632cd39de86e066f7be68a047ff2db6288c5fbe3a88879aced0e722840b9eef9d6d7afa2838da5f249d5344ef8fc7
SSDEEP

3072:7d8gZnSRkhcfaOUrLBdWAO6Fk4JVa0qWPATM/91jt7:7d8gZgfaOUrLBdvO6Vo0qWPEM/9Nt7

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (35059) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/2/cmdline	/proc/2/cmdline	Process not Found
/proc/9/cmdline	/proc/9/cmdline	Process not Found
/proc/10/cmdline	/proc/10/cmdline	Process not Found
/proc/15/cmdline	/proc/15/cmdline	Process not Found
/proc/27/cmdline	/proc/27/cmdline	Process not Found
/proc/29/cmdline	/proc/29/cmdline	Process not Found
/proc/373/cmdline	/proc/373/cmdline	Process not Found
/proc/4/cmdline	/proc/4/cmdline	Process not Found
/proc/8/cmdline	/proc/8/cmdline	Process not Found
/proc/312/cmdline	/proc/312/cmdline	Process not Found
/proc/23/cmdline	/proc/23/cmdline	Process not Found
/proc/210/cmdline	/proc/210/cmdline	Process not Found
/proc/18/cmdline	/proc/18/cmdline	Process not Found
/proc/113/cmdline	/proc/113/cmdline	Process not Found
/proc/385/cmdline	/proc/385/cmdline	Process not Found
/proc/395/cmdline	/proc/395/cmdline	Process not Found
/proc/	/proc/	Process not Found
/proc/13/cmdline	/proc/13/cmdline	Process not Found
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/28/cmdline	/proc/28/cmdline	Process not Found
/proc/42/cmdline	/proc/42/cmdline	Process not Found
/proc/391/cmdline	/proc/391/cmdline	Process not Found
/proc/12/cmdline	/proc/12/cmdline	Process not Found
/proc/14/cmdline	/proc/14/cmdline	Process not Found
/proc/26/cmdline	/proc/26/cmdline	Process not Found
/proc/234/cmdline	/proc/234/cmdline	Process not Found
/proc/280/cmdline	/proc/280/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mkdir
/proc/3/cmdline	/proc/3/cmdline	Process not Found
/proc/43/cmdline	/proc/43/cmdline	Process not Found
/proc/233/cmdline	/proc/233/cmdline	Process not Found
/proc/314/cmdline	/proc/314/cmdline	Process not Found
/proc/315/cmdline	/proc/315/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mv
/proc/11/cmdline	/proc/11/cmdline	Process not Found
/proc/101/cmdline	/proc/101/cmdline	Process not Found
/proc/110/cmdline	/proc/110/cmdline	Process not Found
/proc/236/cmdline	/proc/236/cmdline	Process not Found
/proc/22/cmdline	/proc/22/cmdline	Process not Found
/proc/24/cmdline	/proc/24/cmdline	Process not Found
/proc/351/cmdline	/proc/351/cmdline	Process not Found
/proc/360/cmdline	/proc/360/cmdline	Process not Found
/proc/7/cmdline	/proc/7/cmdline	Process not Found
/proc/16/cmdline	/proc/16/cmdline	Process not Found
/proc/25/cmdline	/proc/25/cmdline	Process not Found
/proc/152/cmdline	/proc/152/cmdline	Process not Found
/proc/169/cmdline	/proc/169/cmdline	Process not Found
/proc/356/cmdline	/proc/356/cmdline	Process not Found
/proc/147/cmdline	/proc/147/cmdline	Process not Found
/proc/41/cmdline	/proc/41/cmdline	Process not Found
/proc/80/cmdline	/proc/80/cmdline	Process not Found
/proc/157/cmdline	/proc/157/cmdline	Process not Found
/proc/291/cmdline	/proc/291/cmdline	Process not Found
/proc/379/cmdline	/proc/379/cmdline	Process not Found
/proc/417/cmdline	/proc/417/cmdline	Process not Found
/proc/19/cmdline	/proc/19/cmdline	Process not Found
/proc/217/cmdline	/proc/217/cmdline	Process not Found
/proc/308/cmdline	/proc/308/cmdline	Process not Found
/proc/367/cmdline	/proc/367/cmdline	Process not Found
/proc/1/cmdline	/proc/1/cmdline	Process not Found
/proc/139/cmdline	/proc/139/cmdline	Process not Found
/proc/283/cmdline	/proc/283/cmdline	Process not Found
/proc/429/cmdline	/proc/429/cmdline	Process not Found
/proc/6/cmdline	/proc/6/cmdline	Process not Found

/tmp/arm7.elf
/tmp/arm7.elf
1⤵
PID:354
- /bin/sh
  /bin/sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/arm7.elf bin/watchdog; chmod 777 bin/watchdog"
  2⤵
  PID:355
- - /bin/rm
    rm -rf bin/watchdog
    3⤵
    PID:357
- - /bin/mkdir
    mkdir bin
    3⤵
    - Reads runtime system information
    PID:358
- - /bin/mv
    mv /tmp/arm7.elf bin/watchdog
    3⤵
    - Reads runtime system information
    PID:359
- - /bin/chmod
    chmod 777 bin/watchdog
    3⤵
    PID:364

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads