Analysis
- max time kernel: 152s
- max time network: 154s
- platform: debian-9_armhf
- resource: debian9-armhf-20231215-en
- resource tags: arch:armhf, image:debian9-armhf-20231215-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
- submitted: 12-02-2024 12:42
Static task: static1
Behavioral task: behavioral1
- Sample: 749befcdd13537fbee830e380557f9db.elf
- Resource: debian9-armhf-20231215-en
General
- Target: 749befcdd13537fbee830e380557f9db.elf
- Size: 87KB
- MD5: 749befcdd13537fbee830e380557f9db
- SHA1: 154f96d3976728ddaf6de60a7ab76cdaede3b732
- SHA256: 49b8cf3e8dc8b744b73200518a82d053723519b499f802016914a6bcdfe543e2
- SHA512: 41b503e00a8acb59569c63c809ca2e5cb00e709273de00bf5929bb879e80f47ae256433444cbe4105730233455845ff3dbcfaf2fad8e565919ba756d6a9978f3
- SSDEEP: 1536:byfntcsQ/3spErqVFIsr8ywd3y0G3QcsIlilvgYHaCBiEAuca3yY9WG25QpIT8Q4:u7Gri4ywl7G8vgYHpiEvjvbMxs
Malware Config
Signatures
- Contacts a large (46064) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.