a5f1d2f9c1a87ad5f74b8e6dcc904d67ca669c75ce2d26517c0a51d22c4558d1

Analysis

max time kernel
0s
max time network
127s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
20/03/2023, 18:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.ELF.BotAttack-B.29720.22221.elf
Size

916KB
MD5

7a4bd01159995a28b210621e4049f31c
SHA1

9250233f802ad6e44a01728ebe226ec2684d584e
SHA256

a5f1d2f9c1a87ad5f74b8e6dcc904d67ca669c75ce2d26517c0a51d22c4558d1
SHA512

834128da776f7886b1c097fd0bc9acbb93936e0c9d2ca80f797500f7326914ccd912bbe16d948621931938f081e5d77417f0200b1f2f5b2490b3a2645c57e007
SSDEEP

12288:efgFg8+Fq2KK9TsgCyN51jYZfYOUJRHUOZpH9n9RJxO4JKydpgmP:euIF1pnDUdTUJR0OrjRTV

Score

6^/10

Malware Config

Signatures

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc
/proc/net/maps	/proc/net/maps

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
/proc/9/maps	/proc/9/maps
/proc/273/maps	/proc/273/maps
/proc/irq/maps	/proc/irq/maps
/proc/3/maps	/proc/3/maps
/proc/8/maps	/proc/8/maps
/proc/20/maps	/proc/20/maps
/proc/104/maps	/proc/104/maps
/proc/bus/maps	/proc/bus/maps
/proc/device-tree/maps	/proc/device-tree/maps
/proc/41/maps	/proc/41/maps
/proc/229/maps	/proc/229/maps
/proc/231/maps	/proc/231/maps
/proc/cpu/maps	/proc/cpu/maps
/proc/25/maps	/proc/25/maps
/proc/29/maps	/proc/29/maps
/proc/235/maps	/proc/235/maps
/proc/2/maps	/proc/2/maps
/proc/107/maps	/proc/107/maps
/proc/164/maps	/proc/164/maps
/proc/286/maps	/proc/286/maps
/proc/347/maps	/proc/347/maps
/proc/26/maps	/proc/26/maps
/proc/sys/maps	/proc/sys/maps
/proc/12/maps	/proc/12/maps
/proc/106/maps	/proc/106/maps
/proc/161/maps	/proc/161/maps
/proc/../maps	/proc/../maps
/proc/14/maps	/proc/14/maps
/proc/16/maps	/proc/16/maps
/proc/42/maps	/proc/42/maps
/proc/1/maps	/proc/1/maps
/proc/305/maps	/proc/305/maps
/proc/146/maps	/proc/146/maps
/proc/tty/maps	/proc/tty/maps
/proc/228/maps	/proc/228/maps
/proc/	/proc/
/proc/15/maps	/proc/15/maps
/proc/19/maps	/proc/19/maps
/proc/138/maps	/proc/138/maps
/proc/342/maps	/proc/342/maps
/proc/5/maps	/proc/5/maps
/proc/driver/maps	/proc/driver/maps
/proc/6/maps	/proc/6/maps
/proc/7/maps	/proc/7/maps
/proc/11/maps	/proc/11/maps
/proc/18/maps	/proc/18/maps
/proc/24/maps	/proc/24/maps
/proc/43/maps	/proc/43/maps
/proc/fs/maps	/proc/fs/maps
/proc/303/maps	/proc/303/maps
/proc/95/maps	/proc/95/maps
/proc/136/maps	/proc/136/maps
/proc/277/maps	/proc/277/maps
/proc/308/maps	/proc/308/maps
/proc/74/maps	/proc/74/maps
/proc/10/maps	/proc/10/maps
/proc/13/maps	/proc/13/maps
/proc/21/maps	/proc/21/maps
/proc/212/maps	/proc/212/maps
/proc/sysvipc/maps	/proc/sysvipc/maps
/proc/307/maps	/proc/307/maps
/proc/28/maps	/proc/28/maps
/proc/17/maps	/proc/17/maps
/proc/22/maps	/proc/22/maps

/tmp/SecuriteInfo.com.ELF.BotAttack-B.29720.22221.elf
/tmp/SecuriteInfo.com.ELF.BotAttack-B.29720.22221.elf
1⤵
PID:349

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads