Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20231215-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    12-02-2024 04:56

General

  • Target

    83953898a2e82deb94d627ba5fb4217060637fe05f1b3656233892f1ba1d46bf.elf

  • Size

    53KB

  • MD5

    8cf69824c6370c3d94f1b33ad82d1cb5

  • SHA1

    229affd9b5703b7c9a0a41d747d2c3d25941bff5

  • SHA256

    83953898a2e82deb94d627ba5fb4217060637fe05f1b3656233892f1ba1d46bf

  • SHA512

    d34dc3de63df9dbed46b0adf980768b74185cddc40169a3bd0e5a689509c53f9c32d3593fd6b504a809c73d17bd848dad571b2dc3ef38a6aed91f7d4786572ad

  • SSDEEP

    1536:jYTBTpvc86Ixisjt26UEzsqoELzpANxknLWuA:ET1pvx6Ixis5mEzsNEL1YmniuA

Score
6/10

Malware Config

Signatures

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/83953898a2e82deb94d627ba5fb4217060637fe05f1b3656233892f1ba1d46bf.elf
    /tmp/83953898a2e82deb94d627ba5fb4217060637fe05f1b3656233892f1ba1d46bf.elf
    • Reads system routing table
    • Reads system network configuration
    • Reads runtime system information
    • Writes file to tmp directory
    PID:655

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/Infected.log

    Filesize

    107B

    MD5

    a70a5dde6f79eaea4e71c88b6a2ccc38

    SHA1

    92c0273c4be5d4b7bdbdd500de5a64e5e05652b2

    SHA256

    d087a5a10a09b589993d8cc44a24ef22db26ffd0feeeb3f29b15af008c292af8

    SHA512

    aaa7d00faa34a87292f23a16dae8a7a4b5a40c8e375a579f1286427819c2a04e1c6f970dbc0f2433e6c03f59a2ece0f28ba1e8fc526bc4afe77f176f61876c52