Analysis

  • max time kernel
    142s
  • max time network
    153s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhf image:debian9-armhf-20231215-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    19/12/2023, 23:07

General

  • Target

    472f63cf5c1ebf931569cc57bb5b1d7a

  • Size

    130KB

  • MD5

    472f63cf5c1ebf931569cc57bb5b1d7a

  • SHA1

    fb2f417fe66ba43ea0e53b9b204e6745a6d23f09

  • SHA256

    f0b0abe7c93980ff94b369905cf9e684532b42bf8dce36319c4c4930358bd940

  • SHA512

    f9127136faf67671daefb724cb00ec75f8ed51d3dc652032c05a4a5901c798ef5e51dea9646930bdb03d8d50437e17995b571b0027223699beee4ae527d18c25

  • SSDEEP

    3072:J54jYmIpS/4GYIDxWjdES4Pv1D+ROML/iB2aQlVeZnx8D8iR+NyzR/VtrEmtmAQR:zE2aQlVFR+NyzxtmAQAWij18

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/472f63cf5c1ebf931569cc57bb5b1d7a
    /tmp/472f63cf5c1ebf931569cc57bb5b1d7a
    • Changes its process name
    • Reads system routing table
    • Reads system network configuration
    PID:655

Network

MITRE ATT&CK Enterprise v15
