Analysis

  • max time kernel
    152s
  • max time network
    154s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags
    arch:armhf
    image:debian9-armhf-20231215-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    19-12-2023 23:12

General

  • Target

    4e946e8956924d95d46250d1beac6b53

  • Size

    157KB

  • MD5

    4e946e8956924d95d46250d1beac6b53

  • SHA1

    09e4318782e17c3e662817005aec29ed511d1bf1

  • SHA256

    90b5e729c46a964887ee2995f88c7d5985f010747df90a09a550495a486bc740

  • SHA512

    f6295f2a69662ae0c9cb5a70d4037bac7dc078a13d532c3df31d852ef919ac30266db6faab3a4374fcbe2bac9b90e945a68a57c595b0627754578154c9de57ab

  • SSDEEP

    3072:zfm3+bfkM2MFhedk++nLaa8MA8+Vo86Ooa9YEvj+uYM/9yy8j2Yp:Lm3ofJQdYLaa8MA8+Vx6OXvj+FM/9ydn

Score
9/10

Malware Config

Signatures

  • Contacts a large number (197206) of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Creates a large number of network flows (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Changes its process name (1 IoC)
  • Enumerates active TCP sockets (1 TTP, 1 IoC)

    Gets active TCP sockets from the /proc virtual filesystem.

  • Reads system network configuration (1 TTP, 1 IoC)

    Uses the contents of the /proc filesystem to enumerate network settings.

  • Reads runtime system information (3 IoCs)

    Reads data from the /proc virtual filesystem.

Processes

  • /tmp/4e946e8956924d95d46250d1beac6b53
    /tmp/4e946e8956924d95d46250d1beac6b53
    • Changes its process name
    PID: 650

Network

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Network Service Discovery (2) T1046
  • System Network Connections Discovery (1) T1049
  • System Network Configuration Discovery (1) T1016
