Analysis
-
max time kernel
145s -
max time network
151s -
platform
debian-9_armhf -
resource
debian9-armhf-20231215-en -
resource tags
arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
19-12-2023 23:01
Behavioral task
behavioral1
Sample
3d2429b7ad2ac2f6fe164ee62f2838ec
Resource
debian9-armhf-20231215-en
debian-9-armhf
4 signatures
150 seconds
General
-
Target
3d2429b7ad2ac2f6fe164ee62f2838ec
-
Size
154KB
-
MD5
3d2429b7ad2ac2f6fe164ee62f2838ec
-
SHA1
f4f5fdc0a6e2f53db6106a95a3e9c88b847077bd
-
SHA256
dc4e2edda3f53890eba513e466a5859f8f3b0552b3fe8414de3ca5c1ceef4cf1
-
SHA512
a6b8d2d657bbe272f2f6e36c46336d1817e8192d53492d28853b7279755bc255f17192333f9f46e054ea1b53884aedf167b4521f14db2946b61482766d2fe8cb
-
SSDEEP
3072:Od/dRL2nl8ycWpWFAraV3bevzlVMwLU6PgFH3ZpM/96ud:Od1RL2l8yuCraV3bevzPc6oFH3nM/96E
Score
9/10
Malware Config
Signatures
-
Contacts a large (2558) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Write file to user bin folder 1 TTPs 2 IoCs
description ioc File opened for modification /usr/sbin/exim4 File opened for modification /usr/sbin/agent -
Writes file to system bin folder 1 TTPs 3 IoCs
description ioc File opened for modification /bin/bash File opened for modification /bin/dash File opened for modification /sbin/agetty -
Reads runtime system information 20 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/657/maps File opened for reading /proc/664/maps File opened for reading /proc/582/maps File opened for reading /proc/634/maps File opened for reading /proc/637/maps File opened for reading /proc/639/maps File opened for reading /proc/635/maps File opened for reading /proc/643/maps File opened for reading /proc/661/maps File opened for reading /proc/666/maps File opened for reading /proc/755/maps File opened for reading /proc/662/maps File opened for reading /proc/665/maps File opened for reading /proc/575/maps File opened for reading /proc/578/maps File opened for reading /proc/581/maps File opened for reading /proc/595/maps File opened for reading /proc/628/maps File opened for reading /proc/640/maps File opened for reading /proc/775/maps