Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhf image:debian9-armhf-20221111-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    08-05-2023 17:12

General

  • Target

    6806ab3e23c595db94ccaa1c239da207.elf

  • Size

    205KB

  • MD5

    6806ab3e23c595db94ccaa1c239da207

  • SHA1

    06fad3d49ffdba791a0913b292dab4e51e9247db

  • SHA256

    2d204e0a17b9333d2b5d60a01cc57e0398cfa08d3ac5544b76962f8e8b524980

  • SHA512

    0a3cbd1f5aad93daf33ef5c1b93b8600241f4304475a2b50365745cd674e05fd7985edb32af9b79e1b53566c4886427a4486503a9350a7fc3745b915a89339ae

  • SSDEEP

    3072:mRosx4mz0wygRKvi1av0Y6JlJgvIfus+qwqEi5gfRFsFnkNvcFoV/KAv4hkFLnn0:mRoTSMQCa5StCDcSIpPMmyW49QjSx

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/6806ab3e23c595db94ccaa1c239da207.elf
    • Changes its process name
    • Reads system routing table
    • Reads system network configuration
    PID:423

Network

MITRE ATT&CK Enterprise v6
