Analysis
max time kernel: 149s
max time network: 144s
platform: debian-9_armhf
resource: debian9-armhf-20231222-en
resource tags: arch:armhf, image:debian9-armhf-20231222-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 31/12/2023, 03:07
Static task: static1
Behavioral task: behavioral1
Sample: 25c2fb28aae3e071a68b80de5f3709b0
Resource: debian9-armhf-20231222-en
General
Target: 25c2fb28aae3e071a68b80de5f3709b0
Size: 53KB
MD5: 25c2fb28aae3e071a68b80de5f3709b0
SHA1: 93c66b2b299bb7e0ef803247190a8b71d4d210c2
SHA256: ad034b60ff30545b08fd9217e779914bfb9d5cc99cb35a293c931163c0929237
SHA512: 59cfa4b32050dbfdc4c4bae3ba7ba0f208a967d28f6b7b5b87aaa497ffcefd28de1a8708dd9dcaae91cee4601294b13dd48c78ea7d3012ffeed1f1ec52127965
SSDEEP: 1536:x4nyTvSYCtxo+SbQgcQ644v880IR2G7gQgYVfBjOc8FRDC:nT3C/o9bQgcQ644v8JIR2omfe
Malware Config
Signatures
Changes its process name (1 IoC)
description: Changes the process name, possibly in an attempt to hide itself
ioc: l6ipm0vuqvwog
pid: 665
Process: 25c2fb28aae3e071a68b80de5f3709b0
Deletes itself (1 IoC)
pid: 665
Process: 25c2fb28aae3e071a68b80de5f3709b0
Unexpected DNS network traffic destination (8 IoCs)
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description: Destination IP
ioc: 1.0.0.1 (8 occurrences)
Enumerates running processes
Discovers information about currently running processes on the system
Reads runtime system information (64 IoCs)
Reads data from /proc virtual filesystem.
description: File opened for reading
ioc:
/proc/669/maps, /proc/774/exe, /proc/584/comm, /proc/775/comm, /proc/664/exe, /proc/769/comm, /proc/783/exe, /proc/304/exe,
/proc/640/maps, /proc/585/exe, /proc/762/comm, /proc/584/exe, /proc/715/maps, /proc/757/comm, /proc/763/maps, /proc/773/comm,
/proc/781/maps, /proc/774/maps, /proc/585/comm, /proc/582/comm, /proc/769/maps, /proc/769/exe, /proc/646/exe, /proc/317/maps,
/proc/640/comm, /proc/774/comm, /proc/777/maps, /proc/779/exe, /proc/307/exe, /proc/771/comm, /proc/775/exe, /proc/713/maps,
/proc/757/exe, /proc/579/exe, /proc/757/maps, /proc/601/comm, /proc/643/comm, /proc/646/maps, /proc/762/exe, /proc/763/comm,
/proc/777/comm, /proc/582/exe, /proc/579/maps, /proc/664/comm, /proc/766/exe, /proc/305/exe, /proc/713/exe, /proc/765/exe,
/proc/771/exe, /proc/669/exe, /proc/709/maps, /proc/767/exe, /proc/317/comm, /proc/645/exe, /proc/773/exe, /proc/763/exe,
/proc/766/comm, /proc/779/maps, /proc/585/maps, /proc/640/exe, /proc/669/comm, /proc/579/comm, /proc/645/comm, /proc/645/maps
Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory.
description: File opened for modification
ioc: /tmp/25c2fb28aae3e071a68b80de5f3709b0
Process: 25c2fb28aae3e071a68b80de5f3709b0