96066d6742bbb089f1d10fdcc2a1bdc21aefb54058a0049dbd9752fb6d9bf472 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

e6edd65506...19.elf

debian-9-armhf

9

Sharing

Copy URL Twitter E-mail

General

Target

e6edd6550600dafb8bfa1349b21026bbcfb9811888c105dc9672d6d197ae8b19.zip
Size

1.4MB
Sample

231119-1jc1mscg3t
MD5

87db65a20736e429f00f3094e95820e6
SHA1

6ad04773be8e33bebbfa93b86539c0efc4d27dd9
SHA256

96066d6742bbb089f1d10fdcc2a1bdc21aefb54058a0049dbd9752fb6d9bf472
SHA512

6b2423288b24efb022c1a3b9bbabbd841a2e9b7d52098faebd63b63b68952ad1b1099c8442765a724d37d981df05919c058036cdf2790b4e3b94ecc527373f82
SSDEEP

24576:dW0b8uTATWy08U9ztOVJqTErz4AANej6MohxlVghTG1RCmMHIdM+LNX31bJGq:XTAi5/ztOLqTCzDA4Gl0haRWIi+pH11f

Score

9^/10

antivm discovery persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e6edd6550600dafb8bfa1349b21026bbcfb9811888c105dc9672d6d197ae8b19.elf

Resource

debian9-armhf-20231026-en

antivm discovery persistence

debian-9-armhf

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  e6edd6550600dafb8bfa1349b21026bbcfb9811888c105dc9672d6d197ae8b19.elf
- Size
  
  1.4MB
- MD5
  
  e7c802a697bc9c56abcdf3d5f8dd53a5
- SHA1
  
  8fe01876a890ad448b52907d11bdd3e9c2822aaf
- SHA256
  
  e6edd6550600dafb8bfa1349b21026bbcfb9811888c105dc9672d6d197ae8b19
- SHA512
  
  edd597d23b51c947185f5895a512dee18b86d97c157699f8139a71c9e9eedb74f43e2b6888c696edda6187ed180e3cdfdfcc0cb9eeb7d1b51940b8370ef0d00f
- SSDEEP
  
  24576:E4aNweg+U8fIa4OIwP1pmlXmiDozMAdXI5dtzm1fD8bhddZK21stOD:E4aNRU8fIa1pml2ikzMAcK1ah3nKt8
Score

9^/10

antivm discovery persistence
- Contacts a large (26044) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads CPU attributes
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Service Discovery

System Information Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

antivmdiscoverypersistence

© 2018-2025

Terms | Privacy