Analysis
-
max time kernel
152s -
max time network
151s -
platform
debian-9_armhf -
resource
debian9-armhf-20231215-en -
resource tags
arch:armhf
image:debian9-armhf-20231215-en
kernel:4.9.0-13-armmp-lpae
locale:en-us
os:debian-9-armhf
system
-
submitted
13/02/2024, 02:44
Behavioral task
behavioral1
Sample
2c55c09e3e758a4a63ac122d3a2a5db3ee221408661878c585596994e49af53a.elf
Resource
debian9-armhf-20231215-en
4 signatures
150 seconds
General
-
Target
2c55c09e3e758a4a63ac122d3a2a5db3ee221408661878c585596994e49af53a.elf
-
Size
50KB
-
MD5
c37cb46ee50263bf87fd49918ed40382
-
SHA1
23209de2bec8c0490c1a6ca67fa6f6d19bcc1335
-
SHA256
2c55c09e3e758a4a63ac122d3a2a5db3ee221408661878c585596994e49af53a
-
SHA512
6c528f27042c00f359b1e4e60d3ff68beda30ff0ba2121816aa57c35c640c057bcb690face4b9deef7777e2136ebd7f4136f405b913fd4572fe239da2c7d319d
-
SSDEEP
768:9cQWqZeXJkYSydeC+z+EQnhLjerwCEXt2qBeli5ydEopf7qaokZWrnoJQw:TW5hSyPlZlerwCEwiKAeRr
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
description                                                      ioc  pid  Process
Changes the process name, possibly in an attempt to hide itself  a    649  2c55c09e3e758a4a63ac122d3a2a5db3ee221408661878c585596994e49af53a.elf
-
Deletes itself 1 IoCs
pid  Process
649  2c55c09e3e758a4a63ac122d3a2a5db3ee221408661878c585596994e49af53a.elf
-
Renames itself 2 IoCs
pid  Process
649  2c55c09e3e758a4a63ac122d3a2a5db3ee221408661878c585596994e49af53a.elf
649  2c55c09e3e758a4a63ac122d3a2a5db3ee221408661878c585596994e49af53a.elf
-
Unexpected DNS network traffic destination 64 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description     ioc              observations
Destination IP  217.160.70.42    12
Destination IP  130.61.69.123    8
Destination IP  51.254.162.59    7
Destination IP  185.84.81.194    5
Destination IP  103.87.68.195    5
Destination IP  103.87.68.194    4
Destination IP  64.176.6.48      4
Destination IP  54.36.111.116    4
Destination IP  45.61.49.203     3
Destination IP  51.77.149.139    3
Destination IP  35.211.96.150    3
Destination IP  89.163.140.67    2
Destination IP  138.197.140.189  1
Destination IP  70.34.254.19     1
Destination IP  192.71.166.92    1
Destination IP  178.254.22.166   1
(64 observations in total, across 16 distinct destinations)
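As an added example (not the sandbox's own tooling), the following Python re-applies the rule behind this signature to constructed flow records built from the IoC table above. The analysis VM's resolver address is not stated in the report, so 10.0.0.1 is assumed as a hypothetical /etc/resolv.conf entry. Caveat for triage: the rule looks only at the destination port, so a hit can mean the bot is using hard-coded public resolvers instead of the local one, or that non-DNS traffic is being sent over port 53; inspect the captured packets for well-formed DNS queries before treating these hosts as command-and-control infrastructure.

```python
"""Re-derive the report's "Unexpected DNS network traffic destination" finding.

Added example, not part of the sandbox report or its tooling. The resolver
configuration and the flow records are constructed here; the destination
addresses and their hit counts are copied from the report's IoC table.
"""
from collections import Counter
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    dst: str
    proto: str  # "udp" or "tcp"
    dport: int


def parse_resolv_conf(text):
    """Return the set of nameserver addresses in resolv.conf-style text."""
    servers = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            servers.add(str(ipaddress.ip_address(parts[1])))
    return servers


def unexpected_dns_destinations(flows, resolvers, dns_port=53):
    """Count DNS-port flows whose destination is not a configured resolver.

    This is the rule the report applies: traffic on the DNS port to any
    host other than the configured nameservers is flagged, regardless of
    whether the payload is well-formed DNS.
    """
    hits = Counter()
    for f in flows:
        if f.dport != dns_port or f.proto not in ("udp", "tcp"):
            continue
        dst = str(ipaddress.ip_address(f.dst))
        if dst not in resolvers:
            hits[dst] += 1
    return hits


# Constructed: the sandbox VM's resolver is not given in the report, so a
# hypothetical /etc/resolv.conf is assumed here.
SAMPLE_RESOLV_CONF = """\
# hypothetical resolver configuration of the analysis VM
nameserver 10.0.0.1
"""

# From the report's IoC table: 64 observations over 16 distinct hosts.
REPORTED_HITS = [
    ("217.160.70.42", 12), ("130.61.69.123", 8), ("51.254.162.59", 7),
    ("185.84.81.194", 5), ("103.87.68.195", 5), ("103.87.68.194", 4),
    ("64.176.6.48", 4), ("54.36.111.116", 4), ("45.61.49.203", 3),
    ("51.77.149.139", 3), ("35.211.96.150", 3), ("89.163.140.67", 2),
    ("138.197.140.189", 1), ("70.34.254.19", 1), ("192.71.166.92", 1),
    ("178.254.22.166", 1),
]

# Constructed flow log: the reported port-53 flows plus two that must not be
# flagged (a lookup to the configured resolver and an HTTP flow).
SAMPLE_FLOWS = (
    [Flow(ip, "udp", 53) for ip, n in REPORTED_HITS for _ in range(n)]
    + [Flow("10.0.0.1", "udp", 53), Flow("217.160.70.42", "tcp", 80)]
)


def summarize(flows, resolv_conf=SAMPLE_RESOLV_CONF):
    """Return (total flagged flows, distinct destinations, per-host counts)."""
    hits = unexpected_dns_destinations(flows, parse_resolv_conf(resolv_conf))
    return sum(hits.values()), len(hits), hits


if __name__ == "__main__":
    total, distinct, hits = summarize(SAMPLE_FLOWS)
    print(f"{total} flagged DNS-port flows to {distinct} non-resolver hosts")
    for ip, n in hits.most_common():
        print(f"  {ip:<16} {n}")
```

Feeding real flow records (for example, parsed from the sandbox PCAP or Zeek conn.log) into `unexpected_dns_destinations` with the VM's actual resolver list reproduces the report's table; the per-host counts are what a responder would pivot on first, since the most-contacted address here accounts for 12 of the 64 observations.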