Analysis
max time kernel: 0s
max time network: 131s
platform: linux_armhf
resource: debian9-armhf-en-20211208
resource tags: arch:armhf, image:debian9-armhf-en-20211208, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 28-03-2023 01:40
Behavioral task: behavioral1
Sample: 673203aa86c58b8c5d2af610ba59e61800e390eeea0e8e6c02157b8f219a40ca.elf
Resource: debian9-armhf-en-20211208
General
Target: 673203aa86c58b8c5d2af610ba59e61800e390eeea0e8e6c02157b8f219a40ca.elf
Size: 160KB
MD5: 708e9dc944fa9e36b62881d6ac08c8aa
SHA1: 989889488d7643a777e613223b0e7f78150c8d21
SHA256: 673203aa86c58b8c5d2af610ba59e61800e390eeea0e8e6c02157b8f219a40ca
SHA512: dee5f3b5b11262d884ba78bd125278a8b493c8473fdf37ea479a1aedc69560df28ebc853702eb7e8de81a0bf7bb0617486337e307836a8090eb03421f80eebb7
SSDEEP: 3072:pQrBzuvjgC/m/uND3wGiTagGFBhGzH/6fdetJ8add9QzhsxNjeus5EymyOQ0LOXP:pTwG8a1FaL6fdetJ8addQ0NjeiymyOQP
Malware Config
Signatures
Modifies rc script (1 TTPs, 1 IoCs)
Adding/modifying system rc scripts is a common persistence mechanism.
Processes: 673203aa86c58b8c5d2af610ba59e61800e390eeea0e8e6c02157b8f219a40ca.elf
description: /etc/rc.d/rc.local
ioc: /etc/rc.d/rc.local
process: 673203aa86c58b8c5d2af610ba59e61800e390eeea0e8e6c02157b8f219a40ca.elf
Reads system routing table (1 TTPs, 1 IoCs)
Gets active network interfaces from /proc virtual filesystem.
Processes: 673203aa86c58b8c5d2af610ba59e61800e390eeea0e8e6c02157b8f219a40ca.elf
description: /proc/net/route
ioc: /proc/net/route
process: 673203aa86c58b8c5d2af610ba59e61800e390eeea0e8e6c02157b8f219a40ca.elf
Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
Processes: 673203aa86c58b8c5d2af610ba59e61800e390eeea0e8e6c02157b8f219a40ca.elf
description: /proc/net/route
ioc: /proc/net/route
process: 673203aa86c58b8c5d2af610ba59e61800e390eeea0e8e6c02157b8f219a40ca.elf