283048584e8441bf63c8612277c468fdddabda873ab1085f3a708c92b5b66391

Analysis

max time kernel
142s
max time network
152s
platform
debian-9_armhf
resource
debian9-armhf-20231215-en
resource tags

arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
19-12-2023 23:28

Target

68b5b2c55974d2418074cc28fe257434
Size

143KB
MD5

68b5b2c55974d2418074cc28fe257434
SHA1

f0c6ca4d002093acc29d494695f3d6abffcabfd4
SHA256

283048584e8441bf63c8612277c468fdddabda873ab1085f3a708c92b5b66391
SHA512

b6ecfa52a14b87d5dc849ac01b93755a58d31abb2a93d5e00691d90737313a086155007f02931ac1c2510551ca32fd086ebe2466159cf40bce50a7f8b4e2e769
SSDEEP

3072:Cmo9ExfnD3xqX8eatvn35JCTcEaM/9oemSwfvIQhta:CV9ExfD3QX8ea9JJCTcZM/9oemSwfvny

Score

6^/10

Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

68b5b2c55974d2418074cc28fe257434

description ioc process

File opened for reading /proc/net/route 68b5b2c55974d2418074cc28fe257434
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

68b5b2c55974d2418074cc28fe257434

description ioc process

File opened for reading /proc/net/route 68b5b2c55974d2418074cc28fe257434

description	ioc	process
File opened for reading	/proc/net/route	68b5b2c55974d2418074cc28fe257434

description	ioc	process
File opened for reading	/proc/net/route	68b5b2c55974d2418074cc28fe257434

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact