7225c817d70613f0ca96dec049355be2947f7306762d1f4cb2e9fc264b8cc4f9

Analysis

max time kernel
151s
max time network
154s
platform
debian-9_armhf
resource
debian9-armhf-20221125-en
resource tags

arch:armhfimage:debian9-armhf-20221125-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
24/08/2023, 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mra7.elf
Size

125KB
MD5

c1692398ddceb6cf18561ffca55935c7
SHA1

264398fa307d6b39a1523cbcf878050e8f401a72
SHA256

7225c817d70613f0ca96dec049355be2947f7306762d1f4cb2e9fc264b8cc4f9
SHA512

519e066dce58a3d42bcf016c57ea677e9b9f7c6501d6856414e087eef1a0bd1d8bcbb038a017661666fb0f5267ce96bb69f923ca4ca655c6b45e17413e0326a9
SSDEEP

3072:S5qBQ+GuaZV/5DL/FTI/+qJ0dNPafW5h0puxu:S5qBQzuaZ55DL/F8/6dNPa+5hZxu

Score

7^/10

Malware Config

Signatures

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	daddyl33t's back	368	mra7.elf
Changes the process name, possibly in an attempt to hide itself		368	mra7.elf
Changes the process name, possibly in an attempt to hide itself		372	Process not Found
Changes the process name, possibly in an attempt to hide itself		371	Process not Found

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

description	ioc
File opened for modification	/etc/resolv.conf

/tmp/mra7.elf
/tmp/mra7.elf
1⤵
- Changes its process name
PID:368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...