Overview

overview

9

Static

static

7

lok.arm7.elf

debian-9-armhf

9

Analysis

  • max time kernel
    41309s
  • max time network
    153s
  • platform
    linux_armhf
  • resource
    debian9-armhf-en-20211208
  • resource tags

    arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    31-03-2023 19:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lok.arm7.elf

  • Size

    59KB

  • MD5

    edb64280b729e3299ca43c99939161b9

  • SHA1

    530d42ad15f5da90cbbb700ca8a8d2005dc1471f

  • SHA256

    60628ba3c363a8719f43139402794a925059096ac987d12a3370d64f5be0dd5d

  • SHA512

    68550ed42b6774cfbf8e1821bcb19a35ffb3d1f46d25f452c04e973bfb2fa45cf45440429cbf3f6289b44041eb265983ed71f66b9aee9ee37b4c9315df9f35be

  • SSDEEP

    1536:QqPm6pbZMeQYXQBpqYtgU7ChRPwKL185HApNs:rmcaeQYXQl3AyKLOtH

Score
9/10
discovery

Malware Config

Signatures

  • Contacts a large (41276) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Modifies the Watchdog daemon 1 TTPs

    Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/lok.arm7.elf
    /tmp/lok.arm7.elf
    1⤵
    • Writes file to tmp directory
    PID:354

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

Network Service Scanning

2
T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads