3bd4977cf7a4f5a0d1419fa3ee8a57d7c619f2478c07cd9d8343e72a3da355e7

Analysis

max time kernel
75s
max time network
150s
platform
debian-9_armhf
resource
debian9-armhf-20231221-en
resource tags

arch:armhfimage:debian9-armhf-20231221-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
11/01/2024, 03:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b5f00e256c6a42e17e09cbfb08a5d1260400847bf06bc61f2988b20b12a91373.elf
Size

148KB
MD5

910c5eb085dd01ea38e0e19ade69c111
SHA1

64d265a3410a80d3ca02a8d0587223f4517e0789
SHA256

b5f00e256c6a42e17e09cbfb08a5d1260400847bf06bc61f2988b20b12a91373
SHA512

db254bc2bc64919e612c50037c63df1e4534e09d76482481b85b585cb22f079c95f1f0ac562b2637029b35a0f072aba0e520ef7f8215058c9d1a1a0898896cd1
SSDEEP

3072:gmS+/m2wCA4NESxvFTG4HAlIZ5FW33rvfmMIWcdsz:gmQuESRNG4HPZ5FYrvfm8cdsz

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (86555) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	#1,% #	661	b5f00e256c6a42e17e09cbfb08a5d1260400847bf06bc61f2988b20b12a91373.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/744/cmdline
File opened for reading	/proc/113/cmdline
File opened for reading	/proc/671/cmdline
File opened for reading	/proc/695/cmdline
File opened for reading	/proc/708/cmdline
File opened for reading	/proc/727/cmdline
File opened for reading	/proc/735/cmdline
File opened for reading	/proc/12/cmdline
File opened for reading	/proc/697/cmdline
File opened for reading	/proc/736/cmdline
File opened for reading	/proc/725/cmdline
File opened for reading	/proc/753/cmdline
File opened for reading	/proc/42/cmdline
File opened for reading	/proc/278/cmdline
File opened for reading	/proc/639/cmdline
File opened for reading	/proc/705/cmdline
File opened for reading	/proc/728/cmdline
File opened for reading	/proc/752/cmdline
File opened for reading	/proc/755/cmdline
File opened for reading	/proc/10/cmdline
File opened for reading	/proc/686/cmdline
File opened for reading	/proc/710/cmdline
File opened for reading	/proc/721/cmdline
File opened for reading	/proc/668/cmdline
File opened for reading	/proc/689/cmdline
File opened for reading	/proc/734/cmdline
File opened for reading	/proc/27/cmdline
File opened for reading	/proc/166/cmdline
File opened for reading	/proc/279/cmdline
File opened for reading	/proc/586/cmdline
File opened for reading	/proc/41/cmdline
File opened for reading	/proc/703/cmdline
File opened for reading	/proc/750/cmdline
File opened for reading	/proc/682/cmdline
File opened for reading	/proc/687/cmdline
File opened for reading	/proc/706/cmdline
File opened for reading	/proc/715/cmdline
File opened for reading	/proc/8/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/583/cmdline
File opened for reading	/proc/672/cmdline
File opened for reading	/proc/746/cmdline
File opened for reading	/proc/754/cmdline
File opened for reading	/proc/767/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/676/cmdline
File opened for reading	/proc/699/cmdline
File opened for reading	/proc/741/cmdline
File opened for reading	/proc/759/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/642/cmdline
File opened for reading	/proc/646/cmdline
File opened for reading	/proc/677/cmdline
File opened for reading	/proc/306/cmdline
File opened for reading	/proc/747/cmdline
File opened for reading	/proc/103/cmdline
File opened for reading	/proc/110/cmdline
File opened for reading	/proc/5/cmdline
File opened for reading	/proc/637/cmdline
File opened for reading	/proc/717/cmdline
File opened for reading	/proc/729/cmdline
File opened for reading	/proc/720/cmdline
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/43/cmdline

/tmp/b5f00e256c6a42e17e09cbfb08a5d1260400847bf06bc61f2988b20b12a91373.elf
/tmp/b5f00e256c6a42e17e09cbfb08a5d1260400847bf06bc61f2988b20b12a91373.elf
1⤵
- Changes its process name
PID:661

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads