6c264bfd4594fa8fecef25dcc55dff4e4063fa3985428ac5492700defe50239c

Analysis

max time kernel
152s
max time network
154s
platform
debian-9_armhf
resource
debian9-armhf-20231215-en
resource tags

arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
10/01/2024, 19:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

skyljnearm5elf.elf
Size

145KB
MD5

2a45852dbc079011d8679a0e71f34028
SHA1

78fca7aea09ccea2375817fd18a90208a7bfed91
SHA256

6c264bfd4594fa8fecef25dcc55dff4e4063fa3985428ac5492700defe50239c
SHA512

ddc0a5113c1bbcda39df15da8e51d497e6ab6e939a06f8c994b981d1065d5fa806b97699a104a85504aec3faffd65258d233c055a7706672e206967a57466111
SSDEEP

3072:S/aWJYvEZupYV1cx4lBz7QFu1/6yY6jEtIz:S/a7PpSGx4ll7QFhyPjEk

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (77220) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	#1,% #	653	skyljnearm5elf.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/25/cmdline
File opened for reading	/proc/573/cmdline
File opened for reading	/proc/659/cmdline
File opened for reading	/proc/728/cmdline
File opened for reading	/proc/768/cmdline
File opened for reading	/proc/686/cmdline
File opened for reading	/proc/695/cmdline
File opened for reading	/proc/712/cmdline
File opened for reading	/proc/729/cmdline
File opened for reading	/proc/731/cmdline
File opened for reading	/proc/23/cmdline
File opened for reading	/proc/41/cmdline
File opened for reading	/proc/134/cmdline
File opened for reading	/proc/10/cmdline
File opened for reading	/proc/664/cmdline
File opened for reading	/proc/671/cmdline
File opened for reading	/proc/672/cmdline
File opened for reading	/proc/674/cmdline
File opened for reading	/proc/764/cmdline
File opened for reading	/proc/26/cmdline
File opened for reading	/proc/107/cmdline
File opened for reading	/proc/678/cmdline
File opened for reading	/proc/692/cmdline
File opened for reading	/proc/758/cmdline
File opened for reading	/proc/283/cmdline
File opened for reading	/proc/665/cmdline
File opened for reading	/proc/732/cmdline
File opened for reading	/proc/759/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/266/cmdline
File opened for reading	/proc/569/cmdline
File opened for reading	/proc/629/cmdline
File opened for reading	/proc/663/cmdline
File opened for reading	/proc/722/cmdline
File opened for reading	/proc/760/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/27/cmdline
File opened for reading	/proc/265/cmdline
File opened for reading	/proc/628/cmdline
File opened for reading	/proc/634/cmdline
File opened for reading	/proc/745/cmdline
File opened for reading	/proc/652/cmdline
File opened for reading	/proc/702/cmdline
File opened for reading	/proc/715/cmdline
File opened for reading	/proc/744/cmdline
File opened for reading	/proc/757/cmdline
File opened for reading	/proc/740/cmdline
File opened for reading	/proc/94/cmdline
File opened for reading	/proc/104/cmdline
File opened for reading	/proc/633/cmdline
File opened for reading	/proc/669/cmdline
File opened for reading	/proc/711/cmdline
File opened for reading	/proc/714/cmdline
File opened for reading	/proc/737/cmdline
File opened for reading	/proc/766/cmdline
File opened for reading	/proc/733/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/74/cmdline
File opened for reading	/proc/268/cmdline
File opened for reading	/proc/660/cmdline
File opened for reading	/proc/677/cmdline
File opened for reading	/proc/690/cmdline
File opened for reading	/proc/707/cmdline

/tmp/skyljnearm5elf.elf
/tmp/skyljnearm5elf.elf
1⤵
- Changes its process name
PID:653

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads