bb3b0e981e52a8250abcdf320bf7e5398d7bebf015643f8469f63d943b42f284

Analysis

max time kernel
122s
max time network
69s
platform
debian-9_armhf
resource
debian9-armhf-20231222-en
resource tags

arch:armhfimage:debian9-armhf-20231222-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
30-12-2023 14:16

Target

1b2952d6ccb473fb24e820cdd60c49dd
Size

4.5MB
MD5

1b2952d6ccb473fb24e820cdd60c49dd
SHA1

e00b02cfe3f26ef3e0e66913edc871f15ad0d061
SHA256

bb3b0e981e52a8250abcdf320bf7e5398d7bebf015643f8469f63d943b42f284
SHA512

b7f39f0ec13da62e5ed802b2d2cb5f992dc82ef45afaed868d9354adfd04672191813743e3b90313ce24e5cc0497f46f932065709fe969c1a8053361c3144b16
SSDEEP

49152:PSVay3WHHh74K1kLq2C6ZzohPtKuAb7/C:KVa2Wnh0q0quoO/C

Score

3^/10

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

1b2952d6ccb473fb24e820cdd60c49dd

description ioc process

File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size 1b2952d6ccb473fb24e820cdd60c49dd
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

1b2952d6ccb473fb24e820cdd60c49dd

description ioc process

File opened for modification /tmp/1b2952d6ccb473fb24e820cdd60c49dd.pid 1b2952d6ccb473fb24e820cdd60c49dd

description	ioc	process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	1b2952d6ccb473fb24e820cdd60c49dd

description	ioc	process
File opened for modification	/tmp/1b2952d6ccb473fb24e820cdd60c49dd.pid	1b2952d6ccb473fb24e820cdd60c49dd

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact