Analysis
-
max time kernel
151s -
max time network
152s -
platform
debian-9_armhf -
resource
debian9-armhf-20221111-en -
resource tags
arch:armhf image:debian9-armhf-20221111-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system -
submitted
26-04-2023 10:24
Behavioral task
behavioral1
Sample
1bc971b3048142bf4582baddd7d51fd2.elf
Resource
debian9-armhf-20221111-en
General
-
Target
1bc971b3048142bf4582baddd7d51fd2.elf
-
Size
192KB
-
MD5
1bc971b3048142bf4582baddd7d51fd2
-
SHA1
a8182cc6ca180dd57f55026e428f62725e99cd70
-
SHA256
7d97f841f751fc60aeab86eb617d75c3c7eb184078dbcfeafc592487cc536ddb
-
SHA512
af256ddb7d7381cc3bfa72eeadfc077a65cd0dd142b8ebe6712e8a6bd9dd50355e3d735a66c0fe16c9fea3308ccc9464e9aa1a3d61ae09e8c87592bd1ae73d4a
-
SSDEEP
6144:VT+saOVM0GeELIXeCCT10q3DnM/9Jrm17L4X5LW:VCsaOVM0GejOX0oM/Prm1/4X5LW
Malware Config
Signatures
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Description: File opened for reading; IoC: /proc/net/route; Process: 1bc971b3048142bf4582baddd7d51fd2.elf -
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Description: File opened for reading; IoC: /proc/net/route; Process: 1bc971b3048142bf4582baddd7d51fd2.elf -
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Description: File opened for reading; IoC: /proc/424/exe -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Description: File opened for modification; IoC: /tmp/KEKSEC.WAS.HERE; Process: 1bc971b3048142bf4582baddd7d51fd2.elf
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
330B
MD5 8d59ab2e07d5bf4aa2b1a791823d81f9
SHA1 774e43351c15c9956d869033487adc1d6d435caf
SHA256 381a29e11bda455294717252cf92b08e3313a73ed8cc404f95fa92041624c867
SHA512 9b05e90da044be05a0337b0b4aa2366af0f6eff9189aed205b281c3f9d01506de287d078c22bf64171cc2b60cac59c052edeba0ad026267a9b7aeba1c7d2ab7d