Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    linux_armhf
  • resource
    debian9-armhf-en-20211208
  • resource tags

    arch:armhf, image:debian9-armhf-en-20211208, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    06-06-2023 22:25

General

  • Target

    bdc77afda6b9fc1d82ca1a0750b3e1dc.elf

  • Size

    133KB

  • MD5

    bdc77afda6b9fc1d82ca1a0750b3e1dc

  • SHA1

    9859792e4f0ef2d18f4977ca8b690f46ff08e8f1

  • SHA256

    432e01a3d3a989e847fa25458ed4aecb610f1983f868474b8d2816f7a08f5c5c

  • SHA512

    d08007faa522f6f75bd105bad9cf498aab792aaad928cdc0e6bfc735bf7369b67649240a2163ec8ac19e693a6247d0c55462000bea97debc3f4eafa1150823b2

  • SSDEEP

    3072:IIrDhJl8rkne9XVbe5YjsZgK/BPPY2pWZU97Yz1OoM/9BjUG6:ZrDhJl8rBS5MagK/BPwqWeuz1dM/9Bj+

Score
9/10

Malware Config

Signatures

  • Contacts a large (94423) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/bdc77afda6b9fc1d82ca1a0750b3e1dc.elf
    /tmp/bdc77afda6b9fc1d82ca1a0750b3e1dc.elf
    1⤵
    • Changes its process name
    • Modifies Watchdog functionality
    PID:367

Network

MITRE ATT&CK Enterprise v6
