Analysis
max time kernel
12385s
max time network
147s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags
arch:armhf image:debian9-armhf-20221111-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted
04-04-2023 02:00
Behavioral task
behavioral1
Sample
9702dc811c05ceb5a80b465c966ab392dde2bf6442f59b8dddf1b5106577b1c7.elf
Resource
debian9-armhf-20221111-en
debian-9-armhf
2 signatures
150 seconds
General
Target
9702dc811c05ceb5a80b465c966ab392dde2bf6442f59b8dddf1b5106577b1c7.elf
Size
112KB
MD5
cf068be65e5cde6c25feb311671b0f30
SHA1
2cd3dbfd02f0964e589050c8ce5df06c2eb5dbf3
SHA256
9702dc811c05ceb5a80b465c966ab392dde2bf6442f59b8dddf1b5106577b1c7
SHA512
f7bac552eb96984669ee1e82bc8a978e6ca3ac7366c4664ae36c0a71eed03e72b427b19197cad635104e4fec6c27a29611380ee0a4d1fce77c028cc3f89b1dc3
SSDEEP
3072:Ld5aPO2ONvarAJy9n5h/8KkGdAQvkbmOQUJ1UXpTn:Z5aPO7s9n5h/8KL2QcbmOQUJ1apTn
Score
7/10
Malware Config
Signatures
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Processes:
9702dc811c05ceb5a80b465c966ab392dde2bf6442f59b8dddf1b5106577b1c7.elf
description ioc process
/proc/net/route /proc/net/route 9702dc811c05ceb5a80b465c966ab392dde2bf6442f59b8dddf1b5106577b1c7.elf
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
9702dc811c05ceb5a80b465c966ab392dde2bf6442f59b8dddf1b5106577b1c7.elf
description ioc process
/proc/net/route /proc/net/route 9702dc811c05ceb5a80b465c966ab392dde2bf6442f59b8dddf1b5106577b1c7.elf