Overview

overview

10

Static

static

10

861f3e361b...2711c8

debian-9-armhf

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    20-12-2023 05:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    861f3e361bc8b1df141425899b2711c8

  • Size

    113KB

  • MD5

    861f3e361bc8b1df141425899b2711c8

  • SHA1

    9574d3680680b1a66dad9dab1962f8ee91586770

  • SHA256

    a0af286c47ec6c01aa3f8f5ab4e221d73e688e62b1db10604f66105926b08679

  • SHA512

    e477468584e2a23b57593331bf182c5d656411c71658136418452f316354ae86e0f051ca52c31bedafed8b11005f5410b69e567ed51becaca4ea87858ae2b036

  • SSDEEP

    3072:8HriptjWJdLKz26JyTr2ZbUpwJY7l5hKRGGwXXIDjqudQAllrESyM:4rEbhJKl5hKRGmjqudQAllrESyM

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Deletes itself 1 IoCs
  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/861f3e361bc8b1df141425899b2711c8
    /tmp/861f3e361bc8b1df141425899b2711c8
    1⤵
    • Changes its process name
    • Deletes itself
    • Reads system routing table
    • Reads system network configuration
    PID:659

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads