346ecf180a9653b89ec86226cff41ca6e074991b924343946c2bed2c1b6eaa5e

Analysis

max time kernel
147s
max time network
126s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
20-04-2023 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cda493db470a70fe9842b4e3621b9e8d.elf
Size

156KB
MD5

cda493db470a70fe9842b4e3621b9e8d
SHA1

92ed53f35762aa977c43698af0e92a5cb0c408ec
SHA256

346ecf180a9653b89ec86226cff41ca6e074991b924343946c2bed2c1b6eaa5e
SHA512

6f9ef4c103d07d0c9dcd0ba9f406febb19880457edb660c84e048ebe7d0e4afa7b7245162542de6f5d6adbcc920c87ad2a58ddc7fbb6bbb9f0534c0ea9c97f93
SSDEEP

3072:41g2L2INNlzkCYYICUqaQcvB6gnyLRM/975mFwfBxKQodn:ug2LBNNlzDYYXUqa/MgnydM/9tmFwfBC

Score

7^/10

Malware Config

Signatures

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery

T1016

description	ioc	Process
/proc/net/route	/proc/net/route	cda493db470a70fe9842b4e3621b9e8d.elf

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc	Process
/proc/net/route	/proc/net/route	cda493db470a70fe9842b4e3621b9e8d.elf

/tmp/cda493db470a70fe9842b4e3621b9e8d.elf
/tmp/cda493db470a70fe9842b4e3621b9e8d.elf
1⤵
- Reads system routing table
- Reads system network configuration
PID:359

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads