Analysis
max time kernel: 152s
max time network: 154s
platform: debian-9_armhf
resource: debian9-armhf-20231215-en
resource tags: arch:armhf image:debian9-armhf-20231215-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted: 19-12-2023 23:12
Behavioral task: behavioral1
Sample: 4e946e8956924d95d46250d1beac6b53
Resource: debian9-armhf-20231215-en
General
Target: 4e946e8956924d95d46250d1beac6b53
Size: 157KB
MD5: 4e946e8956924d95d46250d1beac6b53
SHA1: 09e4318782e17c3e662817005aec29ed511d1bf1
SHA256: 90b5e729c46a964887ee2995f88c7d5985f010747df90a09a550495a486bc740
SHA512: f6295f2a69662ae0c9cb5a70d4037bac7dc078a13d532c3df31d852ef919ac30266db6faab3a4374fcbe2bac9b90e945a68a57c595b0627754578154c9de57ab
SSDEEP: 3072:zfm3+bfkM2MFhedk++nLaa8MA8+Vo86Ooa9YEvj+uYM/9yy8j2Yp:Lm3ofJQdYLaa8MA8+Vx6OXvj+FM/9ydn
Malware Config
Signatures

Contacts a large (197206) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Changes its process name (1 IoCs)
Processes:
description: Changes the process name, possibly in an attempt to hide itself
ioc: rtsp
pid: 650
process: 4e946e8956924d95d46250d1beac6b53

Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from /proc virtual filesystem.
Processes:
description: File opened for reading
ioc: /proc/net/tcp

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
Processes:
description: File opened for reading
ioc: /proc/net/tcp

Reads runtime system information (3 IoCs)
Reads data from /proc virtual filesystem.
Processes:
description: File opened for reading
ioc: /proc/568/exe
description: File opened for reading
ioc: /proc/568/maps
description: File opened for reading
ioc: /proc/574/exe