Analysis

max time kernel: 153s
max time network: 155s
platform: debian-9_armhf
resource: debian9-armhf-20231026-en
resource tags: arch:armhf, image:debian9-armhf-20231026-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 06-12-2023 02:36
Static task
static1

Behavioral tasks (task: sample, resource)
behavioral1: 18e7407574a68f77e1fae3d3c818d864b7a61b044e16805f684968335197cc7d.exe, win7-20231129-en
behavioral2: 18e7407574a68f77e1fae3d3c818d864b7a61b044e16805f684968335197cc7d.exe, win10v2004-20231130-en
behavioral3: 1c8b4ce8d40a1abab07532a4d3a3832fc7e7e1c00c32002d264220afa0529b78.exe, win7-20231201-en
behavioral4: 1c8b4ce8d40a1abab07532a4d3a3832fc7e7e1c00c32002d264220afa0529b78.exe, win10v2004-20231130-en
behavioral5: 456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe, win7-20231201-en
behavioral6: 456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe, win10v2004-20231130-en
behavioral7: 700e76e7520021aeb60b4cd42c3ab8bbd2a20fc36228ad4dfce94c927b6e7f58.exe, win7-20231023-en
behavioral8: 700e76e7520021aeb60b4cd42c3ab8bbd2a20fc36228ad4dfce94c927b6e7f58.exe, win10v2004-20231127-en
behavioral9: 82cb6a221ee2b2c0c0f43139765407c713ff6980d966544f71f351c66928a4da.exe, win7-20231020-en
behavioral10: 82cb6a221ee2b2c0c0f43139765407c713ff6980d966544f71f351c66928a4da.exe, win10v2004-20231127-en
behavioral11: ba01c08c3a6ea99f565ed6c06067bf4c9d257168ffb76da644cce01d94313db4.elf, debian9-armhf-20231026-en
General

Target: ba01c08c3a6ea99f565ed6c06067bf4c9d257168ffb76da644cce01d94313db4.elf
Size: 61KB
MD5: fa9bbf55033f574c2b4cbd81da5ed433
SHA1: 6cb40777e153a9e4028e5c30c5af86b0f56f768e
SHA256: ba01c08c3a6ea99f565ed6c06067bf4c9d257168ffb76da644cce01d94313db4
SHA512: 08c39d6214ce0ffa7a6030daa5f45a7774730c2a5599c8213bd40f38b5538a71f9e87e8345d379e642506405924fe2b194e395b354d5cba79b876478bcbb72b6
SSDEEP: 1536:1aoa3nfdgN5ceyp3row6V1R75T5Ix/yEvSmY:1aoGnfW2pbyV1R7krA
Malware Config
Signatures
Contacts a large (76773) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Changes its process name (1 IoCs)
Processes (description | ioc | pid | process):
Changes the process name, possibly in an attempt to hide itself | [telnetd] | 671 | ba01c08c3a6ea99f565ed6c06067bf4c9d257168ffb76da644cce01d94313db4.elf

Deletes itself (1 IoCs)
Processes (pid | process):
671 | ba01c08c3a6ea99f565ed6c06067bf4c9d257168ffb76da644cce01d94313db4.elf

Renames itself (2 IoCs)
Processes (pid | process):
671 | ba01c08c3a6ea99f565ed6c06067bf4c9d257168ffb76da644cce01d94313db4.elf
671 | ba01c08c3a6ea99f565ed6c06067bf4c9d257168ffb76da644cce01d94313db4.elf

Unexpected DNS network traffic destination (35 IoCs)
Network traffic to other servers than the configured DNS servers was detected on the DNS port.