Overview

overview

7

Static

static

7

309f399788...b1.elf

debian-9-armhf

7

Analysis

  • max time kernel
    152s
  • max time network
    5s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    13-02-2024 02:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    309f399788b63f66cfa7b37ae1db5dced55a9e73b768a7f05ea4de553192eeb1.elf

  • Size

    43KB

  • MD5

    658546615af406983e3726df84d159d2

  • SHA1

    444c4f7d9beda320cc3cfe282853bd97e4207db6

  • SHA256

    309f399788b63f66cfa7b37ae1db5dced55a9e73b768a7f05ea4de553192eeb1

  • SHA512

    1da004a483b2a0802581c8cfc14ecb9ff2e52d88c53f11309df1679683b8fabef5dbabafb90e9982140312cef90459db076d8ae5c95b3f00d934589c00297687

  • SSDEEP

    768:7IFCfUmZn85qrhyFAOAQlO8F+roQDXKzQVA3wwcGL9ooLUl5T3Ra57XRmK:7IKX9qq1MZ5lOs9G0ww9vIlpRqRP

Score
7/10

Malware Config

Signatures

  • Changes its process name 2 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/309f399788b63f66cfa7b37ae1db5dced55a9e73b768a7f05ea4de553192eeb1.elf
    /tmp/309f399788b63f66cfa7b37ae1db5dced55a9e73b768a7f05ea4de553192eeb1.elf
    1⤵
    • Changes its process name
    • Reads runtime system information
    PID:653

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads