2e3a6bd6d2e03c347d8c717465fec6347037b7f25adae49e9e089bc744706545

Analysis

max time kernel
5s
max time network
9s
platform
debian-9_armhf
resource
debian9-armhf-20231215-en
resource tags

arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
31-12-2023 13:52

Target

38bdb0cd9d08144d096362ac1a1e4116
Size

4.5MB
MD5

38bdb0cd9d08144d096362ac1a1e4116
SHA1

6b0374473e8ce0cae9c26f7b44351e3339a08a7b
SHA256

2e3a6bd6d2e03c347d8c717465fec6347037b7f25adae49e9e089bc744706545
SHA512

881f7b8387e3dc82f1c0b3842c158329e3afee7fd7cfe60b56995a4e616c092b87de7a2535881ef3ac3df2c54c0a62d609a09909cc325bfc669974e6a594cdbc
SSDEEP

49152:tp5mpShKMlyW7kJIHNYckp43yKgKuAb7/C:P5mghRlfI6HK45/C

Score

3^/10

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

38bdb0cd9d08144d096362ac1a1e4116

description ioc process

File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size 38bdb0cd9d08144d096362ac1a1e4116
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

38bdb0cd9d08144d096362ac1a1e4116

description ioc process

File opened for modification /tmp/38bdb0cd9d08144d096362ac1a1e4116.pid 38bdb0cd9d08144d096362ac1a1e4116

description	ioc	process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	38bdb0cd9d08144d096362ac1a1e4116

description	ioc	process
File opened for modification	/tmp/38bdb0cd9d08144d096362ac1a1e4116.pid	38bdb0cd9d08144d096362ac1a1e4116

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact