79ebb17616415d931b650b87f4fca70ddb899b21cb60783cfcf4b53068398350

Analysis

max time kernel
129s
max time network
151s
platform
debian-9_armhf
resource
debian9-armhf-20231222-en
resource tags

arch:armhfimage:debian9-armhf-20231222-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
10-01-2024 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

skyljnearm7elf.elf
Size

198KB
MD5

9931b0649bfc4996f3ff4e8d202eb60e
SHA1

b8b50180d30720a3eeaf933b5fabb1ce2718df49
SHA256

79ebb17616415d931b650b87f4fca70ddb899b21cb60783cfcf4b53068398350
SHA512

bb9397ef2599476c3685a756ebeb6ef92a66002f2d192486684c445aba40379a5aa364b6bc803a30e722864c5797ffd74408fe06706701698ea6b204623bb32b
SSDEEP

3072:kj5NOAkPeywZQa7a4IOaxCeiIcbD9I0xBtIOFOaD9otM/RhwN/:u58yQamLOaxCeiIc3VBFFO2KtM/Rho

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (86557) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	#1,% #	657	skyljnearm7elf.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/26/cmdline
File opened for reading	/proc/41/cmdline
File opened for reading	/proc/698/cmdline
File opened for reading	/proc/765/cmdline
File opened for reading	/proc/150/cmdline
File opened for reading	/proc/659/cmdline
File opened for reading	/proc/689/cmdline
File opened for reading	/proc/718/cmdline
File opened for reading	/proc/719/cmdline
File opened for reading	/proc/720/cmdline
File opened for reading	/proc/148/cmdline
File opened for reading	/proc/662/cmdline
File opened for reading	/proc/702/cmdline
File opened for reading	/proc/773/cmdline
File opened for reading	/proc/108/cmdline
File opened for reading	/proc/632/cmdline
File opened for reading	/proc/714/cmdline
File opened for reading	/proc/736/cmdline
File opened for reading	/proc/695/cmdline
File opened for reading	/proc/701/cmdline
File opened for reading	/proc/744/cmdline
File opened for reading	/proc/670/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/8/cmdline
File opened for reading	/proc/29/cmdline
File opened for reading	/proc/139/cmdline
File opened for reading	/proc/626/cmdline
File opened for reading	/proc/661/cmdline
File opened for reading	/proc/679/cmdline
File opened for reading	/proc/681/cmdline
File opened for reading	/proc/43/cmdline
File opened for reading	/proc/98/cmdline
File opened for reading	/proc/295/cmdline
File opened for reading	/proc/660/cmdline
File opened for reading	/proc/711/cmdline
File opened for reading	/proc/10/cmdline
File opened for reading	/proc/25/cmdline
File opened for reading	/proc/297/cmdline
File opened for reading	/proc/677/cmdline
File opened for reading	/proc/715/cmdline
File opened for reading	/proc/717/cmdline
File opened for reading	/proc/772/cmdline
File opened for reading	/proc/16/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/637/cmdline
File opened for reading	/proc/680/cmdline
File opened for reading	/proc/727/cmdline
File opened for reading	/proc/730/cmdline
File opened for reading	/proc/710/cmdline
File opened for reading	/proc/763/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/11/cmdline
File opened for reading	/proc/18/cmdline
File opened for reading	/proc/76/cmdline
File opened for reading	/proc/671/cmdline
File opened for reading	/proc/697/cmdline
File opened for reading	/proc/764/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/672/cmdline
File opened for reading	/proc/675/cmdline
File opened for reading	/proc/692/cmdline
File opened for reading	/proc/721/cmdline
File opened for reading	/proc/725/cmdline
File opened for reading	/proc/754/cmdline

/tmp/skyljnearm7elf.elf
/tmp/skyljnearm7elf.elf
1⤵
- Changes its process name
PID:657

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads