Overview

overview

7

Static

static

1

mal

debian-9-armhf

7

Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231026-en
  • resource tags

    arch:armhfimage:debian9-armhf-20231026-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    11-11-2023 09:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mal

  • Size

    86KB

  • MD5

    060295fd9e3a42449703524d9c184f96

  • SHA1

    3b518191a06d94bbd7e379f27e0fd4115e803d65

  • SHA256

    c7273e87c151953c82ce1081ed170630a51082d6f2f2ee36853a21cbe399b019

  • SHA512

    2ab9ec7833b11cf9959a8f484a438aee404faa94721281a692e18b13e27f4868310c285d751b7169073a862340a66c7a2a7536014cc002f298393598863dbb6c

  • SSDEEP

    1536:Ua4MyBX7SpHqoLwYtUeiLBrlqZ03sOAznRV7VFHockQEXUt/IEtXvMxMRYYOd1/S:UWyBX74qMKbO03I7fuGINNYO7/xbk

Score
7/10

Malware Config

Signatures

  • Changes its process name 3 IoCs
  • Deletes itself 1 IoCs
  • Unexpected DNS network traffic destination 6 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/mal
    /tmp/mal
    1⤵
      PID:664

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads