b089fcd4a23591b5b94198f4efeb166d81aea76e5a5785d5e0c5e5c885ad9c5f

Analysis

max time kernel
154s
max time network
157s
platform
debian-9_armhf
resource
debian9-armhf-20231215-en
resource tags

arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
21-12-2023 22:58

Target

gosh/gen-pass.h
Size

14KB
MD5

2af8736a176fe45f921519d637a636ad
SHA1

98deb3be2d29f6df2a0dbe61e62f3faabb31a541
SHA256

0a059b23b89a52d9f9e24e35251f68e72e2345d1b1d3e24814311bc0d6b75a1a
SHA512

698f82065e99986865be7af088c901d55ae3836e9e9ca7349483803782122f03234eff8874beab5359b40720410d50d765246a434c010fc8180e86e36b6b283b
SSDEEP

384:+si6F2+TAenEAlt6tWHbpwf5bUD2yt3YanX:+si62+TlKo7dl39X

Score

7^/10

discovery

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/usr/sbin/apache/log	647	gen-pass.h

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact