Analysis

  • max time kernel
    11038s
  • max time network
    142s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20221111-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    19-03-2023 11:52

General

  • Target

    c4eb01a5c571c834de83c359d4c16d36.elf

  • Size

    139KB

  • MD5

    c4eb01a5c571c834de83c359d4c16d36

  • SHA1

    bf4e2266b5056f14ee4eb347cbd2e4731fe1de9a

  • SHA256

    4e6aac2e57593b8d6b5af3a8cb8e23b528b6655b8bbf87faf41fac20850f8d6a

  • SHA512

    a9ff4f0ec06562aca4572adcae440ef85edee6324d54f95055be3e503d3183c8103d55c5fee7e0993e017d72cc6eb58dac1c4923919033c55a309f6116a0858d

  • SSDEEP

    3072:Cv/WwsLgaq353qHiCOvhOpAqkDQHbeskmhxQwoVSUNu:KPLaq351hOpAqkLskmhxQwoVSUNu

Score
9/10

Malware Config

Signatures

  • Modifies the Watchdog daemon 1 TTPs

    Malware such as Mirai modifies the hardware watchdog (e.g. via /dev/watchdog) so that it cannot reboot an infected system; a reboot would otherwise clear a bot that only lives in memory.

  • Reads system routing table 1 TTPs 1 IoCs

    Reads the kernel routing table exposed through the /proc virtual filesystem (/proc/net/route) to find the active network interfaces.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses the contents of the /proc filesystem to enumerate network settings.
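What the first two signatures look like at the system-call level, as an added C example that is not code from this sample or from the sandbox. `find_default_route()` parses a table in /proc/net/route format and picks the default route, which is how a bot learns which interface reaches the Internet; `SAMPLE_ROUTE` is a constructed excerpt in the kernel's layout and the function names are assumptions. `watchdog_disable()` reproduces the open/ioctl/close sequence the public Mirai source uses against /dev/watchdog and reports whether the kernel accepted it; on a driver built or loaded with nowayout the watchdog core refuses the stop with EBUSY, which is the check an analyst wants when judging whether this trick works on a given device. A little-endian host such as the armhf sandbox is assumed for the address byte order.

```c
/* Added illustration, not code from the sample or the sandbox: the two
 * behaviours flagged above, at the Linux system-call level.  Function names,
 * SAMPLE_ROUTE and the fallback paths are assumptions. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#ifdef __linux__
#include <linux/watchdog.h>                   /* WDIOC_SETOPTIONS, WDIOS_DISABLECARD */
#else
#define WDIOC_SETOPTIONS  _IOR('W', 4, int)   /* same values as the Linux header */
#define WDIOS_DISABLECARD 0x0001
#endif
#ifndef RTF_UP
#define RTF_UP      0x0001                    /* flag bits from <linux/route.h> */
#define RTF_GATEWAY 0x0002
#endif

/* Constructed /proc/net/route excerpt in the kernel's tab-separated layout.
 * Address fields are the raw big-endian words printed with %08X, so on a
 * little-endian host (x86, armhf) 0100A8C0 is 192.168.0.1. */
static const char SAMPLE_ROUTE[] =
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "lo\t0000007F\t00000000\t0001\t0\t0\t0\t000000FF\t0\t0\t0\n"
    "eth0\t00000000\t0100A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
    "eth0\t0000A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n";

/* "Reads system routing table": scan a /proc/net/route table for the first
 * entry with destination 0.0.0.0 and the UP|GATEWAY flags, i.e. the default
 * route, which names the interface that actually reaches the Internet.
 * Fills iface and gateway (dotted quad, little-endian host assumed);
 * returns 0 on success, -1 if there is no default route. */
int find_default_route(const char *table, char iface[16], char gateway[16])
{
    const char *p = table;
    int header = 1;
    while (*p) {
        char line[256], name[16];
        unsigned dst, gw, flags;
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p += len + (nl ? 1 : 0);
        if (header) { header = 0; continue; }          /* column header */
        if (sscanf(line, "%15s %x %x %x", name, &dst, &gw, &flags) != 4)
            continue;
        if (dst == 0 && (flags & RTF_UP) && (flags & RTF_GATEWAY)) {
            snprintf(iface, 16, "%s", name);
            snprintf(gateway, 16, "%u.%u.%u.%u", gw & 0xff, (gw >> 8) & 0xff,
                     (gw >> 16) & 0xff, (gw >> 24) & 0xff);
            return 0;
        }
    }
    return -1;
}

/* "Modifies the Watchdog daemon": the open/ioctl/close sequence the public
 * Mirai source uses to stop the hardware watchdog.  Returns 0 if the kernel
 * accepted the request, -1 with errno set otherwise.  ENOENT/EACCES means no
 * usable device; EBUSY from the watchdog core means the driver runs with
 * nowayout and refuses to stop, so the timer keeps counting and the trick fails. */
int watchdog_disable(const char *dev)
{
    int fd = open(dev, O_RDWR);
    if (fd < 0)
        return -1;
    int opt = WDIOS_DISABLECARD;
    int rc = ioctl(fd, WDIOC_SETOPTIONS, &opt);
    int saved = errno;
    close(fd);
    errno = saved;
    return rc < 0 ? -1 : 0;
}

int main(int argc, char **argv)
{
    static char buf[8192];
    char iface[16], gw[16];
    const char *table = SAMPLE_ROUTE;        /* live table when readable */
    FILE *f = fopen("/proc/net/route", "r");
    if (f) {
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        buf[n] = '\0';
        fclose(f);
        if (n > 0)
            table = buf;
    }
    if (find_default_route(table, iface, gw) == 0)
        printf("default route via %s on %s\n", gw, iface);
    else
        printf("no default route found\n");
    if (argc > 1) {                           /* only touch a device the operator names */
        if (watchdog_disable(argv[1]) == 0)
            printf("%s: watchdog stop accepted\n", argv[1]);
        else
            printf("%s: watchdog stop refused: %s\n", argv[1], strerror(errno));
    }
    return 0;
}
```

Run without arguments to see the route lookup against the live table (or the constructed sample where /proc/net/route is unreadable); pass a watchdog device path explicitly to exercise the second routine, since even opening /dev/watchdog arms the timer on most drivers.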

Processes

  • /tmp/c4eb01a5c571c834de83c359d4c16d36.elf
    /tmp/c4eb01a5c571c834de83c359d4c16d36.elf
    1⤵
    • Reads system routing table
    • Reads system network configuration
    PID:353

Network

MITRE ATT&CK Enterprise v6
