Overview

overview

10

Static

static

10

d6d58fe964...37.elf

debian-9-armhf

7

Analysis

  • max time kernel
    11605s
  • max time network
    128s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    26-03-2023 01:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37.elf

  • Size

    148KB

  • MD5

    14ee5ff8f0fcd533a27396a917f49a5f

  • SHA1

    a596a90ea8cc68771340d2518c2f8101f5e9c0e0

  • SHA256

    d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37

  • SHA512

    c8dfa4979afa75b49ae814e0f45e92859afd1d3570acff14d541d7c708b717b3f7f455fb142e4ae847f9291c95851c3d197393aac543e5fe24741b5e2a16b592

  • SSDEEP

    3072:kd2za4YR7r2yOQIg0U5h8MDygyqmyGQUYT7XS/n:Y2a4YR7Z0U5h8MD3myGQUYTLS/n

Score
7/10

Malware Config

Signatures

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37.elf
    /tmp/d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37.elf
    1⤵
    • Reads system routing table
    • Reads system network configuration
    PID:348

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

2
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads