25320537a81e5973c49a8e4617233e4e69aa9cabc923d91b342df66f3cc0b076

Analysis

max time kernel
11605s
max time network
128s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
26-03-2023 01:07

Target

d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37.elf
Size

148KB
MD5

14ee5ff8f0fcd533a27396a917f49a5f
SHA1

a596a90ea8cc68771340d2518c2f8101f5e9c0e0
SHA256

d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37
SHA512

c8dfa4979afa75b49ae814e0f45e92859afd1d3570acff14d541d7c708b717b3f7f455fb142e4ae847f9291c95851c3d197393aac543e5fe24741b5e2a16b592
SSDEEP

3072:kd2za4YR7r2yOQIg0U5h8MDygyqmyGQUYT7XS/n:Y2a4YR7Z0U5h8MD3myGQUYTLS/n

Score

7^/10

Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37.elf

description ioc process

/proc/net/route /proc/net/route d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37.elf
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37.elf

description ioc process

/proc/net/route /proc/net/route d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37.elf

description	ioc	process
/proc/net/route	/proc/net/route	d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37.elf

description	ioc	process
/proc/net/route	/proc/net/route	d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37.elf

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact